Harrods ‘not engaging’ with hackers after data breach

The breach is unconnected to attempts to gain unauthorised access to Harrods systems earlier this year, the company said.

In a statement on Sunday, Harrods said: “We have received communications from the threat actor and will not be engaging with them.

“We proactively informed affected e-commerce customers on Friday that the impacted personal data is limited to basic personal identifiers including name and contact details, where this information has been provided. It does not include account passwords or payment details.

“Affected customer records may also have labels related to marketing and services delivered by Harrods. These labels may include tier level or affiliation to a Harrods co-branded card although this information is unlikely to be interpreted accurately by an unauthorised third party.

“We would like to reiterate that no payment details or order history information has been accessed and the impacted personal data remains limited to basic personal identifiers as advised previously.

“It is important to note that the information was taken from a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year.”

In May, Harrods reacted to the attempted breach by restricting internet access across its sites in a precautionary measure.

In July, four people, including two men aged 19, a 17 year-old boy and a 20-year-old woman who were arrested for their suspected involvement in damaging cyber attacks against Marks & Spencer, the Co-op and Harrods, were bailed pending further inquiries.

They were arrested on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act, and participating in the activities of an organised crime group, according to the National Crime Agency.