Harrods Alerts Customers to Data Breach but Confirms Financial Details Unaffected

Published: September 28, 2025, 20:15 EDT

Harrods, the iconic British luxury department store, has informed customers that a recent cyberattack exposed some personal details from its online database. The breach, linked to a third-party service provider, has raised concerns amid a wave of cyber incidents affecting major U.K. businesses in recent months.

Harrods Discloses Details of the Breach

In a statement issued Friday evening, Harrods confirmed that customer names and contact information were accessed during the incident. The retailer stressed that more sensitive data, including payment details and account passwords, were not compromised.

“The impacted personal data is limited to basic personal identifiers including name and contact details, but does not include account passwords or payment details,” Harrods said. The company added that the breach was “isolated” and had been fully contained.

Company Response and Previous Security Concerns

The department store emphasized that this breach was unrelated to a separate security precaution taken in May, when it restricted online access following an attempted intrusion. At that time, no customer data was confirmed as stolen.

Harrods also noted that it has directly contacted affected customers and assured them that protective measures have been reinforced. The company did not disclose the number of individuals impacted.

Arrests Linked to Wider Cybercrime

The breach comes months after four individuals were arrested in July on suspicion of involvement in cyberattacks targeting Harrods, Marks & Spencer, and the Co-op. According to police, the suspects were released on bail while investigations continue. Authorities have not yet confirmed if the latest Harrods incident is connected to those earlier attacks.

The arrests highlight the growing threat of organized cybercrime groups targeting high-profile retail and consumer-facing companies in the U.K.

Cyberattacks on Other British Companies

Harrods is not alone in facing cyber challenges. In August, Jaguar Land Rover—the U.K.’s largest automaker—reported a cyberattack that forced production lines to remain closed until at least October 1.

Just last week, hackers targeted Kido, a London-based nursery chain, stealing sensitive data on thousands of children and reportedly posting some images and personal information on the darknet. The Metropolitan Police confirmed that investigations into what it described as a “ransomware attack on a London-based organization” are ongoing, though no arrests have yet been made.

Rising Cybersecurity Risks in the U.K.

Experts note that the increase in attacks on major British companies highlights vulnerabilities across industries ranging from retail to automotive to education. While Harrods has assured customers that no financial data was exposed, the incident underscores the risks associated with third-party service providers in supply chain security.

Businesses are under mounting pressure to invest in more resilient cybersecurity infrastructure, especially as ransomware attacks and data breaches continue to affect public trust and consumer confidence.

Looking Ahead

For Harrods, the priority remains restoring customer confidence while cooperating with investigators. While the luxury retailer has pledged to strengthen its systems, the broader surge in cyberattacks suggests that companies across the U.K. will face continued challenges in protecting sensitive data.

As police investigations continue and new preventive measures are put in place, cybersecurity is expected to remain a critical concern for both businesses and consumers in the months ahead.

Source: AP News – British department store Harrods warns customers that some personal details taken in data breach