As the well-known Marks and Spencer retail group in the U.K. continues to struggle with the consequences of a successful ransomware attack, a global name in the luxury retail world has confirmed that it too has been subject to a cyberattack. Harrods has said that it “recently experienced attempts to gain unauthorised access to some of our systems.” Here’s what we know so far about the hackers at Harrods.

The Harrods Cyberattack – What We Know So Far

A recent string of attacks against U.K. high-street retail chains, including M&S and The Co-Op, has hit hard in the last few days. Although M&S has confirmed it has fallen victim to ransomware attackers, it is currently unconfirmed whether the same criminal group is behind the attack on The Co-Op or, indeed, the latest incident involving the locally famous London luxury retailer Harrods.

What we do know is that hackers have targeted Harrods and a spokesperson issued a statement to that effect: “Our seasoned IT security team immediately took proactive steps to keep systems safe,” the statement said, adding that “currently, all sites, including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers.” Harrods customers are also still able to use the online shopping service at harrods.com. “We are not asking our customers to do anything differently at this point,” the spokesperson concluded, “and we will continue to provide updates as necessary.”

Harrods A Prime Target For Hackers

Luxury retailers with the brand impact of Harrods are a prime target for cyberattacks, holding vast amounts of sensitive data and likely with the resources to attract many a ransomware player. “Harrods’ swift move to restrict internet access was a sensible precaution,” Lee Driver, director of managed security services at Ekco, said, “but the incident underscores a crucial point in cybersecurity: as threats grow more sophisticated, organisations must stay one step ahead by building resilience, strengthening defences, and ensuring they are prepared to respond to an ever-evolving threat landscape.”

“It is often a precautionary measure to shut down parts of a system after a major cyberattack to mitigate any threats and prevent similar breaches,” Jake Moore, global cybersecurity advisor at ESET, said. However, Moore advised that attacks involving the ransomware thought to be behind the most recent retail attacks “most commonly start by targeting known vulnerabilities, such as attacking systems that have not been kept up to date with the latest security patches.” Businesses need to be extra vigilant and improve how quickly they update their networks as a result; delaying patching is no longer an option.

“The close proximity of these attacks could suggest that one threat actor is responsible for all three,” Andrew Costis, engineering manager of the adversary research team at AttackIQ, suggested. That threat actor could be Scattered Spider, already linked to the M&S attack. “Not enough is known to make definitive accusations yet,” Costis concluded. This is a developing story, and as any new information becomes available about the Harrods cyberattack, I will update it as necessary.
