Cyber Incident Victim: Harrods
Date:
Apr 2025
Location:
United Kingdom
Summary
Harrods reported attempts to gain unauthorized access to some of its systems, prompting the company to restrict internet access at its sites while keeping its flagship store, H beauty stores and airport locations open and maintaining normal online sales. The National Cyber Security Centre said it is working with Harrods and other affected retailers to understand the nature of the attacks and provide sector‑wide advice. Meanwhile, the Co‑op and Marks & Spencer also disclosed cyber incidents that disrupted parts of their IT operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Harrods announced that it hadrecently experienced attempts to gain unauthorised access to some of its systems and that its seasoned IT security team had taken proactive steps to keep systems safe, resulting in restricted internet access at its sites. The company stated that all sites, including its Knightsbridge store, H beauty stores and airport stores, remained open to welcome customers and that customers could continue to shop via harrods.com. Harrods noted that its online store appeared to be operating normally on Thursday evening and that it had not clarified the scale of the impact on its network, asking customers not to do anything differently at this point. The firm’s flagship store stayed open despite the restrictions on internet access, and Harrods emphasized that it continued to operate its online sales channel.
In related developments, the Co‑op reported that it had shut down parts of its IT systems in response to hackers attempting to gain access and that staff were being ordered to keep their cameras on during remote work meetings and to verify all attendees. Marks and Spencer disclosed that a cyber attack had hampered its operations, leaving customers unable to place online orders and resulting in empty shelves in some stores, with police investigating the incident. The National Cyber Security Centre said it was working closely with the companies that had reported incidents to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.
The chair of Parliament’s Business and Trade Committee, Liam Byrne, wrote to Marks and Spencer’s chief executive, Stuart Machin, requesting further information about M&S’s cybersecurity defences and whether it had adhered to the guidance given by the NCSC. Harrods is the latest retailer to be hit by a cyber attack following the incidents affecting the Co‑op and Marks and Spencer. The NCSC’s engagement with the affected firms aims to clarify the scope of the attacks and to share insights across the sector.