Excerpt from GBHackers Article, Published on September 30, 2025
Luxury British department store Harrods has disclosed a significant data breach impacting approximately 430,000 customer records. The breach occurred via a third-party service provider and involved the unauthorized access of personal data including customer names, contact details, marketing preferences, loyalty card information, and co-branded card affiliations. Importantly, Harrods confirmed that no payment details, passwords, or sensitive financial information were compromised in the incident.
Harrods was contacted directly by the threat actors behind the breach but has firmly stated it will not engage with the attackers. The company has proactively informed all affected customers and relevant regulatory authorities, emphasizing its commitment to supporting customers and monitoring the situation closely. A Harrods spokesperson highlighted that the stolen data mainly comprised basic personal identifiers and the breach affected only a minority of the retailer’s customer base, as many prefer physical stores over digital channels.
This breach follows a pattern of increasing cyberattacks in the UK retail sector in 2025, which have also affected retailers such as Marks & Spencer, Co-op, and Jaguar Land Rover. While Harrods’ internal systems were not compromised, this incident highlights vulnerabilities in third-party data management systems that many companies rely upon. Customers impacted by the breach are advised to remain vigilant against phishing or social engineering attacks that may use the exposed personal information.
To delve deeper into this topic, visit the GBHackers article.
