Luxury department store Harrods has confirmed it has been hit by a cyber attack, joining a growing list of major UK retailers dealing with similar incidents.
In response to the attempted breach, Harrods stated it had "restricted internet access at our sites" to protect its systems. Despite the attack, the retailer said its flagship Knightsbridge store, airport outlets, and H beauty locations remain open, and its online store continues to operate as usual.
“We recently experienced attempts to gain unauthorised access to some of our systems,” Harrods said in a statement. “Our seasoned IT security team immediately took proactive steps to keep systems safe.” Customers have been advised that there is no need for them to take any action at this time.
The news follows a series of cyber incidents in the retail sector. Just a day prior, the Co-op shut down parts of its IT infrastructure to counter a hacking attempt, and Marks & Spencer continues to suffer operational disruptions stemming from a cyber attack believed to have cost millions in lost revenue. M&S customers are still unable to place online orders, and some stores are reportedly experiencing product shortages. The police are investigating the matter.
Commenting on the broader threat, Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), warned that the recent incidents should serve as a "wake-up call" for all three retailers. He said the NCSC is working with the affected businesses to assess the nature of the attacks and share relevant insights across the industry.
Cody Barrow, former NSA cyber chief and now CEO of cybersecurity firm EclecticIQ, highlighted the increasing vulnerability of retailers. “Retailers hold vast amounts of customer data and face significant disruption risks, making them prime targets,” he said. Barrow urged consumers to stay alert, update passwords, monitor accounts, and be wary of scams linked to recent breaches.
Meanwhile, the Co-op has introduced unusual internal security measures, reportedly requiring staff to keep webcams on during remote meetings and verify attendees—raising concerns that hackers may have infiltrated communications.
Toby Lewis, Head of Threat Analysis at cybersecurity firm Darktrace, said the attacks on Harrods, Co-op, and M&S could be coincidental, but also suggested other possibilities. One is that the retailers may share a vulnerable supplier or technology platform. Another is that the high-profile attack on M&S may have prompted others to discover suspicious activity they would have otherwise overlooked.
“These events highlight how complex and widespread supply chain threats have become, especially as cyber attacks increase in sophistication and scale,” Lewis said.
The attack on M&S is believed to be ransomware-based, in which hackers encrypt key data and demand payment for its release. Security experts told the BBC that a group known as “DragonForce” is likely behind the incident.
Details on the nature of the attack on the Co-op have not been disclosed. In Parliament, Liam Byrne, Chair of the Business and Trade Committee, has formally requested more information from M&S about its cybersecurity protocols and compliance with national guidelines. Photo by user: Sokkk y, Wikimedia commons.