Harrods has warned some customers that their personal data may have been taken in an IT breach, after a system belonging to one of its third-party providers was compromised.
Information such as names and contact details of its e-commerce customers was taken, the luxury department store in Knightsbridge, London, said.
“We have been notified by one of our third-party providers that some Harrods e-commerce customers’ personal data has been taken from one of their systems,” Harrods said in a statement.
“We have informed affected customers that the impacted personal data is limited to basic personal identifiers, including name and contact details, but does not include account passwords or payment details.
“The third party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities.”
Harrods says passwords and payment details were unaffected in the breach. Photograph: Mina Kim/Reuters
In May, Harrods restricted internet access across its sites as a precautionary measure after an attempt to break into its systems.
The spokesperson added: “No Harrods system has been compromised and it is important to note that the data was taken from a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year.”
In July, four people were arrested for their suspected involvement in cyber-attacks against Marks & Spencer, the Co-op and Harrods.
skip past newsletter promotion
Sign up to Business Today
Get set for the working day – we’ll point you to all the business news and analysis you need every morning
Privacy Notice: Newsletters may contain information about charities, online ads, and content funded by outside parties. If you do not have an account, we will create a guest account for you on theguardian.com to send you this newsletter. You can complete full registration at any time. For more information about how we use your data see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Service apply.
after newsletter promotion
Two men aged 19 – along with a 17-year-old boy and 20-year-old woman – were detained on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act, and participating in the activities of an organised crime group. They have been bailed pending inquiries.
M&S was attacked in April in an incident that forced its online store to close for nearly seven weeks. The Co-op was attacked in the same month, and had to shut down parts of its IT system.
