Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Harrods hit by second cyber attack in six months | Computer Weekly

By Computer Weekly by By Computer Weekly
September 29, 2025
Home Uncategorized
Share on FacebookShare on Twitter


Prestigious London department store Harrods has again been struck by a serious cyber incident after over 400,000 customer records were stolen in a third-party data breach at an undisclosed supplier.

Harrods has stressed that the incident affected a small portion of its shoppers – the majority of its clientele prefer to shop in-store, not online – and that the incident is unrelated to the attempted Scattered Spider attack on its systems earlier this year.

Nor is there any evidence to link the breach to the ongoing Salesloft Drift – Salesforce incident that involved the theft of authentication tokens.

“We have been notified by one of our third-party providers that some Harrods e-commerce customers’ personal data has been taken from one of their systems. We have informed affected customers that the impacted personal data is limited to basic personal identifiers including name and contact details but does not include account passwords or payment details,” a Harrods spokesperson said. 

“The third-party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken.”

Harrods additionally confirmed that some customer records may have labels relating to marketing or other services it provides, such as loyalty tier levels or affiliation with co-branded cards. 

“Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” said Harrods.

Over the weekend, it emerged that the threat actor responsible had been in communication with the retailer, but the firm has additionally stated that it is not engaging with its attackers.

Nevertheless, said Jamie Moles, ExtraHop senior technical manager, the breach still exposed highly valuable personal information.

“This type of dataset is a goldmine for cybercriminals, enabling convincing phishing campaigns, credential harvesting, and even identity fraud,” said Moles.

“The fact that the compromise originated from a third-party provider underlines one of the most persistent challenges in cyber security: supply chain risk. Retailers can invest heavily in their own defences, but one weak link in a partner’s systems can open the door to large-scale data theft.

He added: “The pressing question is how long the attackers had access before being detected, and what else they may have been able to view or move through.”

Mariano Gomide, CEO of Vtex – an ecommerce platform – said it was clear from Harrods’ response that lessons had been learned from the Scattered Spider incident.

“Harrods’ latest breach was met with clearer incident steps as customers and authorities were informed, attackers were dismissed, and follow-up actions were defined. This stands in contrast to the more limited precautionary measures taken during its May 2025 incident,” said Gomide.

Gomide said retailers needed to work to modernise underlying systems with embedded security and compliance lest they put their branding and customer trust at risk.

“Customers do not see the third-party providers or integrations behind the scenes. They see the brand they chose to buy from, and that is where accountability remains,” he said.

“Unless retailers want to continue putting their name on the line for bolt-on solutions, modern unified commerce disciplines must be made to design with governance and adaptability at the core.

“Brands should be able to continue delivering innovative and personalised experiences without leaving their reputation exposed to the failure of an integration,” said Gomide.



Source link

By Computer Weekly

By Computer Weekly

Next Post
⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More

⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More

Recommended.

OpenAI Launches GPT-4.5 for ChatGPT—It’s Huge and Compute-Intensive

OpenAI Launches GPT-4.5 for ChatGPT—It’s Huge and Compute-Intensive

February 27, 2025
Spoločnosť Huawei predstavuje vylepšené riešenie AI WAN s architektúrou zameranou na umelú inteligenciu na podporu rastu operátorov

Spoločnosť Huawei predstavuje vylepšené riešenie AI WAN s architektúrou zameranou na umelú inteligenciu na podporu rastu operátorov

October 18, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio