Harrods becomes third victim of cyberattacks on UK retailers

London luxury department store Harrods has confirmed it has been the victim of a cyberattack attempt, the third high-profile incident against a major British retailer in April, following attacks on Co-op and Marks & Spencer. Despite the attack, all Harrods stores and its online platform are operating as usual.

On May 1, Harrods told that it had suffered an attempt to gain unauthorized access to some of its systems. The IT department responded immediately, restricting internet access at all points. Stores – including the flagship in Knightsbridge, as well as airport outlets and H beauty – remain open. Harrods is not urging customers to change their behavior, assuring that it will be informed in due course.

• The Harrods incident comes amid a wider wave of attacks on British retail chains. Co-op recently reported a cyberattack that forced remote systems to shut down. Marks & Spencer suffered a major attack over Easter, with more than 1,000 stores without payment terminals and thousands of online orders cancelled. Suspicion for M&S is being directed at the Scattered Spider group, although this has not been officially confirmed. Information suggests that the attackers may have been in M&S systems since February 2025.
• The cyberattacks on Harrods, Co-op and M&S demonstrate the systemic nature of threats in the UK retail sector. Although Harrods escaped major consequences, the case highlights the need to strengthen cybersecurity, even for giants with billions of turnover. Retailers should review their security policies, including access monitoring, network segmentation and response plans.