Harrods Suffers Second Cyberattack in a One-Year Span

By Carl | Published on September 29, 2025

Cybercrime

In 2025, Harrods, the renowned British luxury department store, became the target of two significant cyberattacks. The most severe occurred on September 29, 2025, compromising the personal data of 430,000 customers. In this article, we provide a detailed breakdown of the breach, the nature of the data exposed, and the company's ongoing cybersecurity efforts.

The Latest Cyberattack

The September attack on Harrods was a substantial breach that exposed sensitive customer information. The data compromised during this attack included names, contact details, marketing preferences, and loyalty card information. Notably, payment details and account passwords were not affected, which is a crucial distinction in terms of potential financial damage. Harrods emphasized that while information related to third-party affiliations was exposed, it was unlikely to be easily exploited by unauthorized parties.

Third-Party Provider Responsible for the Breach

The breach did not stem from Harrods' internal systems but rather from a third-party provider the company relied on. Harrods was quick to clarify that its internal infrastructure was unaffected by the attack. In line with cybersecurity best practices, Harrods took immediate steps to investigate the incident, working closely with cybersecurity experts and law enforcement authorities.

Extortion Attempt

After the breach, the attackers reached out to Harrods, taking responsibility for the cyberattack. However, Harrods firmly refused to engage with them, following advice from cybersecurity professionals not to negotiate with cybercriminals or pay ransoms. This decision reflects a growing trend in the industry to avoid rewarding malicious actors.

Reportedly, the third-party provider quickly isolated the breach and contained the incident. Although details of the containment process have not been fully disclosed, Harrods assured its customers that the situation was swiftly addressed, limiting the impact of the attack.

The Previous Cyberattack

Before the September attack, Harrods was also targeted by a cyberattack in May 2025. However, this earlier attempt was less severe. The May attack did not expose any customer data, and no payment information or order history was accessed. As a precautionary measure, Harrods restricted internet access across its offices and sites, which resulted in minimal disruption to its operations. The company also communicated that the incident was contained without elaborating on the specifics of the attack.

Harrods' Response

In response to both cyberattacks, Harrods demonstrated its commitment to cybersecurity by collaborating closely with cybersecurity experts and law enforcement. The company has prioritized investigations into the breaches while also reinforcing its internal security protocols. Although Harrods has not publicly disclosed any specific financial impact from the attacks, it is widely assumed that the incidents affected its internal operations and reputation, particularly in the luxury retail sector.

The Aftermath

Both cyberattacks are under investigation by the National Crime Agency (NCA) and the Metropolitan Police. These agencies are also looking into the broader pattern of cyberattacks affecting UK retailers, including high-profile targets like Marks & Spencer (M&S) and Co-Op Group. The ongoing investigations are focusing on third-party provider vulnerabilities, which have become a growing concern for businesses, especially those in high-profile sectors such as luxury goods retail.

The repeated cyberattacks on prominent UK retailers, including Harrods, have raised alarms about the cybersecurity risks facing the industry. The National Cyber Security Centre (NCSC) has urged all retailers to take stronger measures to protect themselves from similar attacks. Additionally, consumers are being advised to stay vigilant, particularly when it comes to monitoring their bank accounts and online activity.

Conclusion

Harrods' two cyberattacks in 2025 serve as a stark reminder of the evolving cybersecurity risks facing major UK retailers. While the September attack was more severe, both incidents highlight the importance of strengthening third-party security protocols. The company's decision not to engage with the hackers, in line with industry recommendations, reflects a broader shift toward refusing to yield to cybercriminals. As the investigation continues, it is clear that cybersecurity will remain a top priority for Harrods and other UK retailers in the coming years.
