Harrods

Harrods, the iconic British luxury department store, confirmed a data breach affecting roughly 430,000 customer records after a third-party provider's system was compromised. The exposed data included names, email addresses, phone numbers, marketing preferences and loyalty card information; no payment data or passwords were taken. Harrods stated that the compromise occurred outside its own estate and that its internal systems remained secure. The company refused to negotiate with the attackers, set up a customer helpline, and worked with cybersecurity experts and the authorities (including the ICO) on mitigation. The financial impact was not disclosed. The incident fits a broader 2025 pattern of cyber-attacks on major UK retailers, eroding customer trust and underlining the risk that sits in third-party data handling. No ransomware was involved, and the third party contained the attack.

Source: https://azat.tv/en/harrods-data-breach-430000-customer-records-exposed/

TPRM report: https://www.rankiteo.com/company/harrods

"id": "har1332313093025",
"linkid": "harrods",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '430,000',
                        'industry': 'retail',
                        'location': 'United Kingdom (global customer base)',
                        'name': 'Harrods',
                        'type': 'luxury department store'}],
 'attack_vector': 'third-party provider system compromise',
 'customer_advisories': ['Monitor for suspicious emails or phishing attempts.',
                         'Avoid clicking on unsolicited links.',
                         'Contact Harrods helpline for assistance.'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '430,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'moderate (no financial or password '
                                        'data; includes PII like names, '
                                        'emails, phone numbers)',
                 'type_of_data_compromised': ['personal identifiers',
                                              'contact details',
                                              'marketing-related data']},
 'date_publicly_disclosed': 'September 2025',
 'description': 'Harrods, the iconic British department store, confirmed a '
                'cybersecurity breach affecting approximately 430,000 customer '
                'records. The breach originated from a third-party provider’s '
                'system, exposing personal details like names, contact data, '
                'and marketing-related information. No payment information or '
                'passwords were compromised. Harrods refused to negotiate with '
                'hackers and set up a helpline for affected customers. The '
                'incident is part of a broader trend of cyber-attacks '
                'targeting major UK retailers in 2025.',
 'impact': {'brand_reputation_impact': 'potential erosion of trust among '
                                       'affected customers; broader industry '
                                       'concern over third-party '
                                       'vulnerabilities',
            'data_compromised': ['names',
                                 'email addresses',
                                 'telephone numbers',
                                 'marketing preferences',
                                 'loyalty card details',
                                 'links to partner programs (including '
                                 'co-branded cards)'],
            'identity_theft_risk': 'moderate (personal details exposed, but no '
                                   'financial or password data)',
            'operational_impact': 'customer helpline and support portal '
                                  'established; collaboration with '
                                  'cybersecurity experts and law enforcement',
            'payment_information_risk': 'none',
            'systems_affected': ['third-party provider system']},
 'initial_access_broker': {'entry_point': 'third-party provider system',
                           'high_value_targets': ['customer personal data',
                                                  'marketing databases']},
 'investigation_status': 'ongoing (authorities and cybersecurity experts '
                         'involved)',
 'lessons_learned': ['Third-party providers remain a critical vulnerability in '
                     'cybersecurity defenses.',
                     'Swift public communication and transparency can help '
                     'mitigate reputational damage.',
                     'Refusal to negotiate with hackers aligns with '
                     'cybersecurity best practices but may not prevent future '
                     'attacks.',
                     'Customer support infrastructure (e.g., helplines, '
                     'portals) is essential for breach response.'],
 'post_incident_analysis': {'corrective_actions': ['Review and strengthen '
                                                   'third-party security '
                                                   'requirements.',
                                                   'Enhance incident response '
                                                   'coordination with external '
                                                   'partners.',
                                                   'Conduct a thorough audit '
                                                   'of all third-party data '
                                                   'storage and processing '
                                                   'systems.'],
                            'root_causes': ['third-party system vulnerability',
                                            'potential lack of robust access '
                                            'controls or monitoring in the '
                                            'third-party environment']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Enhance third-party risk management protocols, including '
                     'regular security audits and contractual obligations for '
                     'data protection.',
                     'Implement multi-layered security measures to isolate '
                     'third-party systems from core networks.',
                     'Educate customers on phishing risks and proactive '
                     'monitoring of personal data.',
                     'Industry-wide collaboration to share threat intelligence '
                     'and best practices for cyber resilience.'],
 'references': [{'source': 'Cyber Press'},
                {'source': 'Retail Gazette'},
                {'date_accessed': 'September 2025',
                 'source': 'Harrods Public Statement'}],
 'regulatory_compliance': {'regulatory_notifications': ['Information '
                                                        'Commissioner’s Office '
                                                        '(ICO) notified']},
 'response': {'communication_strategy': ['public statement',
                                         'email to affected customers',
                                         'media engagement (Cyber Press, '
                                         'Retail Gazette)'],
              'containment_measures': ['third-party provider contained the '
                                       'incident'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['dedicated helpline',
                                    'online support portal',
                                    'customer advisories on safeguarding '
                                    'personal information'],
              'remediation_measures': ['collaborating with cybersecurity teams '
                                       'to address vulnerabilities'],
              'third_party_assistance': ['cybersecurity experts']},
 'stakeholder_advisories': ['dedicated helpline',
                            'online support portal',
                            'email notifications to affected customers'],
 'title': 'Harrods Confirms Major Data Breach Affecting 430,000 Customer '
          'Records',
 'type': ['data breach', 'third-party compromise']}