Harrods has warned customers that hackers may have accessed personal data in the latest cyberattack to hit a major UK business.
The luxury department store confirmed that “names and contact details” were stolen from a third-party system used for its online shopping platform. Harrods stressed that no payment card information or passwords were affected.
In July, police arrested four people, including a 17-year-old boy, on suspicion of involvement in cyberattacks on Harrods, the Co-op, and Marks and Spencer. All were bailed pending further investigation.
Cyberattacks have surged in recent months across the UK. Last week, hackers targeted nursery chain Kido, stealing names, addresses, and images of around 8,000 children, with some of the data later published on the dark web. Parents reported receiving threatening phone calls linked to the breach.
Thousands of airline passengers at Heathrow and other European airports also faced delays following a ransomware attack on Collins Aerospace. The National Crime Agency confirmed a man in his 40s was arrested in West Sussex, though inquiries are ongoing.
Meanwhile, Jaguar Land Rover’s production lines remain shut down after a cyberattack in August and may not restart until November. Transport companies including LNER and Qantas have also reported major disruptions, while last year the NHS was forced to postpone 11,000 appointments and procedures after a ransomware attack.
The rise in high-profile breaches has raised doubts over Prime Minister Keir Starmer’s plans to introduce digital ID cards to tackle illegal working. More than 1.6 million people have signed a parliamentary petition opposing the scheme. Professor Alan Woodward of the University of Surrey warned that “an ID card database would present a huge target for hackers.”
Despite the growing threat, reliable figures on the scale of cyberattacks in the UK remain scarce. According to the Royal United Services Institute (RUSI), hackers range from organised criminal groups to state-sponsored actors from countries such as Russia and China, as well as politically motivated hacktivists.
A government survey recently found that half of UK businesses reported a security breach within the past year. A new Cybersecurity and Resilience Bill aims to make incident reporting mandatory, though its slow progress has frustrated experts. Jamie MacColl, senior research fellow at RUSI, noted that “major cybersecurity incidents are not good for economic growth,” urging faster government action.
