Harrods becomes the third major UK retail store to suffer a cyberattack in under two weeks

The UK’s luxury department store, Harrods, has confirmed it was the target of a recent cyberattack attempt. This follows incidents at Marks & Spencer and the Co-op, making it the third attack on a major UK retailer in under two weeks.

"We recently experienced attempts to gain unauthorised access to some of our systems," Harrods said, confirming the breach." However, the company emphasized that its IT security team acted swiftly, implementing proactive countermeasures, including restricting internet access at its locations as a precaution.

“All sites including our Knightsbridge store, H beauty stores, and airport stores remain open to welcome customers,” the company added, noting customers could use its website as usual. The retail giant didn’t elaborate on the nature of the attack or what “restricted internet access” entails.

Growing unease for big retailers

The attack comes days after Marks & Spencer and the Co-op both reported similar incidents. M&S, in particular, has seen significant disruption, with online orders, returns, and even some in-store operations affected. CEO Stuart Machin issued a public apology, acknowledging the challenges faced by customers and employees alike.

Meanwhile, Co-op has scaled back remote access for staff and issued internal warnings, though it maintains that most operations remain unaffected.

Suspected ransomware

Although none of the companies have confirmed the use of ransomware, cybersecurity analysts and insiders have pointed to possible links to the Scattered Spider group, a known affiliate of ransomware gangs. Rumors also continue to circulate about the possible use of DragonForce ransomware, although the group’s leak site has been offline for several days, adding to the mystery.

The UK’s National Cyber Security Centre (NCSC), a branch of GCHQ, is now actively assisting all three companies. Richard Horne, CEO of the NCSC, broke his silence on Thursday, urging businesses to treat the incidents as a wake-up call.

“These incidents should act as a wake-up call to all organisations,” Horne said. “The disruption caused is naturally a concern to those affected, their customers, and the public. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”