Hackers Steal Data of 430,000 Customers from Harrods

London, England — The luxury department store Harrods has confirmed that hackers stole data from approximately 430,000 customer records in a recent cyber incident. The breach, disclosed to customers on September 26, 2025, involved basic personal information obtained from a third-party provider.

Harrods stated that the compromised data does not include sensitive financial details such as payment information or passwords. A spokesperson emphasized that the focus of the company is on informing and supporting affected customers. “Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” the spokesperson said.

The stolen data reportedly includes names and contact details provided by customers, along with marketing preferences and loyalty card information. However, Harrods reassured that this information is unlikely to be useful to unauthorized parties.

This breach follows a similar incident earlier in the year when Harrods restricted internet access across its sites due to a hacking attempt. The company clarified that this recent breach is unrelated to those earlier hacking attempts.

Cybercriminals increasingly target third-party suppliers as a means to access larger organizations. Dray Agha, a cybersecurity expert, noted that such breaches highlight vulnerabilities in how companies manage their third-party data. Harrods has not named the affected third-party provider.

The incident reflects a troubling trend of cyberattacks on major UK businesses. Earlier this year, Co-op confirmed a data breach affecting 6.5 million members, while Marks & Spencer faced significant disruption due to a cyber incident.

Customers concerned about the breach have been directed to a dedicated helpline and online support portal. Harrods continues to monitor the situation and cooperate with authorities.