Third-Party Data Breach Hits Harrods, Leaking Over 430,000 Customer Records - CPO Magazine
Harrods disclosed a third-party data breach after cybercriminals stole over 430,000 customer records and demanded ransom, though the retailer refused to pay and confirmed the incident was unrelated to a previous Scattered Spider attack. The breach exposed basic personal identifiers including names and contact information but did not compromise account passwords or payment details, affecting only a small fraction of Harrods’ primarily offline customer base. Harrods notified authorities, confirmed the incident was contained with no ongoing illegal access, and is working with the impacted third-party provider to verify security measures while not disclosing the provider’s identity or ransom amount. Customers should watch for phishing attempts and monitor accounts for suspicious activity.
