The Harrods data breach has raised concerns among customers after the luxury department store confirmed that some personal information had been stolen in an IT systems incident.
According to Harrods details such as customer names and contact information were accessed through a third party provider’s systems. The company emphasized in an email to affected users that no passwords or payment data were compromised in the Harrods data breach.
In its statement the store described the issue as an isolated incident that has since been contained. “The third party has confirmed this is an isolated incident which has been contained and we are working closely with them to ensure all appropriate measures are in place”Harrods said. Relevant authorities have also been notified.
The retailer clarified that its own internal systems were not affected and stressed that the incident is unrelated to the earlier cyber attack in May, when it temporarily restricted internet access across its sites. That attempt was linked to a hacker group that also targeted Marks & Spencer and the Co-op earlier this year.
In July, the UK’s National Crime Agency arrested four individuals in connection with those earlier attacks. A 20 year old woman was detained in Staffordshire while three young men aged 17 to 19 were arrested in London and the West Midlands. All have since been released on bail.
Cybersecurity experts warn that the Harrods data breach highlights a growing threat to both major companies and their customers. Richard Horne chief executive of the National Cyber Security Centresaid such attacks have “real world impact on real people”and urged organizations of all sizes to strengthen their systems.
Another cyber incident in August even disrupted Jaguar Land Rover’s global production lines for several days showing just how damaging such attacks can be.
The Harrods data breach serves as another reminder that cybercriminals continue to refine their methods often striking without regard for who may be harmed.
