Harrods hit by second cyber attack in six months

Prestigious London department store Harrods has again been hit by a serious cyber incident, after more than 400,000 customer records were stolen in a third-party data breach at an unnamed supplier.

Harrods emphasized that the incident affected a small proportion of its shoppers, as its customers prefer to make purchases in store rather than online, and that the incident is not related to the attempted Scattered Spider attack on its systems at the beginning of this year.

There is also no evidence linking the breach to the ongoing Salesloft Drift Salesforce incident, which involved the theft of authentication tokens.

“We were notified by one of our third-party suppliers that some personal data of Harrods e-commerce customers was taken from one of their systems. We informed the affected customers that the affected personal data is limited to the main personal identifiers, including name and contact details, but does not include account passwords or payment details,” said a Harrods spokesperson.

“The third party confirmed that this is an isolated incident that has been contained, and we are closely cooperating with them to guarantee that all relevant actions are taken.”

Harrods additionally confirmed that some customer records may contain labels related to marketing or other services that it provides, such as loyalty levels or co-branded card membership.

“Our focus remains on informing and supporting our customers. We informed all the relevant authorities and will continue to cooperate with them,” said Harrods.

Over the weekend, it emerged that the threat actor responsible had been in communication with the retailer, but the company additionally stated that it is not engaging with its attackers.

Nevertheless, said Jamie Moles, senior technical manager at ExtraHop, the breach exposed very valuable personal information.

“This type of data set is a gold mine for cybercriminals, enabling convincing phishing campaigns, credential harvesting and even identity fraud,” Moles said.

“The fact that the compromise arose from a third-party supplier emphasizes one of the most persistent problems in cybersecurity: supply chain risk. Retailers can invest in their own protection, but one weak link in a partner’s systems can open the door to large-scale data theft.”

He added: “The urgent question is how long the attackers were present before being discovered, and what else they could have viewed or passed on.”

Mariano Gomide, general director of VTEX, an e-commerce platform, said it was clear from Harrods’ response that lessons had been learned from the Scattered Spider incident.

“The latest Harrods breach was met with clearer incident response steps, since customers and authorities were informed, the attackers were dismissed, and subsequent actions were determined. This contrasts with the more limited precautions taken during the incident in May 2025,” said Gomide.

Gomide said that retailers should work on modernizing core systems with built-in security and compliance so that they do not put their brand and customer trust at risk.

“Customers do not see third-party suppliers or integrations behind the scenes. They see the brand that they decided to buy from, and that is where the responsibility remains,” he said.

“If retailers do not want to continue to put their name on the line for bolt-on solutions, it is necessary to create modern disciplines in unified commerce, with development and adaptability at the foundation.

“Brands should be able to continue to provide innovative and personalized experiences without leaving their reputation tied to integration failures,” Gomide said.
