Harrods reported a leak of 430,000 customer records via a third-party contractor

30.09.2025 2 minutes Author: Newsman

Luxury department store Harrods has confirmed a new cybersecurity incident: a third-party vendor platform was compromised, exposing 430,000 e-commerce customer records. The company emphasizes that passwords, payment details and order history were not affected, and the criminals’ attempts to negotiate were rejected.

Harrods has informed the affected parties and regulators and is working with the contractor to address the impact. The exposed records contain names and contact details and, in some cases, internal labels or tags used for marketing and services (for example, loyalty program level or co-branded card membership). The company believes that these labels are difficult for third parties to interpret correctly. Harrods emphasizes that none of its own systems were compromised, and that the incident is isolated and not related to a previous hacking attempt in spring 2025. Customers are advised to be vigilant for phishing emails and SMS and not to click on suspicious links.

In April 2025, Harrods was the target of an attempted attack by a group linked to Scattered Spider, which previously targeted Marks & Spencer and Co-op. In the summer, the market was shaken by a supply-chain attack on Salesforce ecosystems using stolen OAuth tokens (Salesloft), after which a number of companies reported the disclosure of customer data. Experts point to a trend: over 40% of ransomware campaigns start with the compromise of a third party, and the vast majority of large British companies have at least one vendor in their chain that has had an incident.

The Harrods case is another confirmation that the weak link is contractors. Recommendations: continuous monitoring of third parties, real-time alerts about leaks, Zero Trust for all integrations, MFA/SSO and access segmentation for vendors, auditing of OAuth tokens and logged integrations, DLP, and clear playbooks for communicating with customers without entering into negotiations with attackers.
