Harrods Latest Victim in Wave of Retail Cyber Attacks

Luxury department store Harrods has become the latest major UK retailer to be targeted in a growing wave of cyber attacks that is disrupting operations across the sector.

In a statement released on Thursday, Harrods confirmed it had detected an attempted cyber breach, prompting it to restrict internet access across several of its physical locations as a precautionary measure. The store emphasised that despite the disruption, its flagship Knightsbridge location, airport outlets, and H beauty stores remain fully operational, along with its online platform, harrods.com.

“We recently experienced attempts to gain unauthorised access to some of our systems,” Harrods said. “Our experienced IT security team took immediate action to protect our infrastructure.”

Although the retailer did not disclose the extent of the attempted breach or its source, customers were advised that no immediate action is required on their part.

UK Retail Sector Under Siege

Harrods joins a growing list of British retailers caught in the crosshairs of cybercriminals. Earlier this week, the Co-op was forced to shut down segments of its IT network after detecting an intrusion attempt, while Marks & Spencer (M&S) is still reeling from a devastating ransomware attack that has disrupted online sales and left some physical stores with empty shelves.

Cybersecurity experts warn that these incidents are not isolated and could be part of a broader, coordinated effort targeting the retail sector.

Richard Horne, CEO of the National Cyber Security Centre (NCSC), described the string of attacks as a “wake-up call” for UK retailers, urging companies to strengthen their cyber defences immediately.

“We are working closely with impacted organisations to understand these threats and deliver tailored guidance,” Horne said.

Supply Chain Suspicions and Security Gaps

Cody Barrow, former NSA cybersecurity leader and now CEO of EclecticIQ, suggested that retailers should now assume they are prime targets for cyber attacks due to their vast reserves of customer data and critical operational systems.

“For consumers, this means staying alert: change passwords, monitor bank accounts, and remain cautious about phishing scams,” he advised.

Toby Lewis, Head of Threat Analysis at Darktrace, raised concerns that the three high-profile breaches could be linked by a common vendor or software platform, or that they may represent a domino effect, in which one incident prompted others to investigate and uncover previously undetected threats.

“This highlights how difficult it is for even large retailers to secure their supply chains against increasingly sophisticated attacks,” he noted.

M&S Attack Traced to ‘DragonForce’

The cyber assault on Marks & Spencer is believed to be a ransomware attack executed by the hacker group known as “DragonForce.” Ransomware is a form of malware that encrypts essential files, effectively locking organisations out of their systems unless a ransom is paid.

Although the Co-op has not disclosed specifics, reports have emerged suggesting internal security measures have tightened significantly. Staff are now required to keep cameras on during remote meetings and verify all participants, signalling fears that hackers may have infiltrated digital communications.

Government Seeks Answers

The UK Parliament’s Business and Trade Committee has entered the fray. Chair Liam Byrne MP has formally requested that M&S CEO Stuart Machin provide clarification regarding the company’s cybersecurity protocols and whether they met the standards advised by the NCSC prior to the breach.