Harrods has warned some customers that their personal data may have been taken in an IT breach, after a system belonging to one of its third-party providers was compromised.
Information such as names and contact details of its e-commerce customers was taken, the luxury department store in Knightsbridge, London, said.
“We have been notified by one of our third-party providers that some Harrods e-commerce customers’ personal data has been taken from one of their systems,” Harrods said in a statement.
“We have informed affected customers that the impacted personal data is limited to basic personal identifiers, including name and contact details, but does not include account passwords or payment details.
“The third party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities.”
In May, Harrods restricted internet access across its sites as a precautionary measure after an attempt to break into its systems.
The spokesperson added: “No Harrods system has been compromised and it is important to note that the data was taken from a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year.”
In July, four people were arrested for their suspected involvement in cyber-attacks against Marks & Spencer, the Co-op and Harrods.
after newsletter promotion
Two men aged 19 – along with a 17-year-old boy and 20-year-old woman – were detained on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act, and participating in the activities of an organised crime group. They have been bailed pending inquiries.
M&S was attacked in April in an incident that forced its online store to close for nearly seven weeks. The Co-op was attacked in the same month, and had to shut down parts of its IT system.