Landmark London Hear Havise Store Harrods warned that cybercriminals contacted a number of customers. Theft of their personal data from his IT systemsField
Harrods previously stated that hackers themselves contacted him, and that he did not participate and did not negotiate with them. High -quality retailer called on customers to follow similar protocols, in accordance with generally accepted Expert CouncilField
“We know that someone who clearly took some personal data from one of the third-party suppliers' systems was directly contacted with some customers of e-commerce,” said Harrods, representative of Harrods Weekly.
“We notified all the relevant authorities, including the National Cybersecurity Center and the metropolitan police unit in cybercrime, and they are actively investigating.
“Negotiations with cybercriminals do not lead to any guarantees regarding what they can do with the information to which they turned to,” the representative said.
“We apologize to customers for inconvenience and would like to repeat that access to personal data is limited to the main personal identifiers, such as the name and contact details. ”
The Computer Weekly contacted Harrods to establish detailed information about the nature of these contacts, but the organization refused to provide additional information.
It is possible that hackers are trying to extort people whom they perceive as high pure capital.
In some cases, especially the attacks of extortionists, It is also not unknown In order for cybercriminals to contact customers to call their victims to satisfy the requirements of extortion.
Nevertheless, at the time of writing, there are no signs that Harrods suffered from Ransomware.
A third -party risk of reputation
The invasion of Harrods was discovered last week, and the retailer stated that it was organized through the systems of the still unsolved third -party supplier IT.
Attackers got rid of the personal data of 430,000 buyers, although at the time of writing, not a single credit card or other financial details were compromised.
“The second violation of Harrods in six months should eliminate any illusion of security through prestige. A retailer may not interact with an attacker, but cybercriminals, of course, interact with them, and the brand pays the price, ”said ECLECTICIQ CEO of Cody Barrow.
“This incident was not a direct blow, but a reminder that the supply chains are now battlefields. Clients data, loyalty snowstorms and contact information are enough to start very convincing fraud and cause long -term damage to trusting trust. Once again, attackers did not need to storm the front door when the rear entrance was widely open.
“The alarm called for many years. What has changed is the cost of ignoring its-regulating fines that reach profits, the desertion of the client, which is damaged by the assessment, and responsibility at the level of the personal council, which follows the leaders of the house. The question is not whether you are acting whether you are acting now or after your brand receives a blow, ”Barrow said.
The incident is the second cyber attack that got into Harrods this year – in May Retail was struck by a wave of incidents It is attributed to the scattered gang of spidersbut unlike other victims such as brands and spencer (M&S) and cooperative groupIt seemed that it arose from the attack largely unharmed. There are no signs that the two incidents are connected in a way.
