Harrods has warned some of its customers that their personal data may have been taken in an IT systems breach, months after it was targeted by a suspected cyber attack in May.
The luxury department store said customer names and contact details have been taken after one of its third-party provider systems was compromised.
It said the affected e-commerce customers have been informed and that the impacted data is “limited to basic personal identifiers”, adding that passwords or payment details were not affected in the breach.
In a statement, Harrods said: “We have been notified by one of our third-party providers that some Harrods e-commerce customers’ personal data has been taken from one of their systems.
“We have informed affected customers that the impacted personal data is limited to basic personal identifiers including name and contact details but does not include account passwords or payment details.
“The third party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities.”
The breach comes four months after the major retailer said it had been fighting “attempts to gain unauthorised access to some of our systems”, after major brands Marks & Spencer and the Co-op Group recently endured similar incidents.
The store said it had been forced to restrict internet access across its sites in May as a precautionary measure.
A spokesperson said the latest third-party breach is unconnected to the attack earlier this year.
In July, four people, including two men aged 19, a 17 year-old boy and a 20-year-old woman who were arrested for their suspected involvement in damaging cyber attacks against Marks & Spencer, the Co-op and Harrods, were bailed pending further inquiries.
They were arrested on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act, and participating in the activities of an organised crime group, according to the National Crime Agency.
M&S stopped online sales for around six weeks after a ransomware attack and warned that the incident could cost it around £300 million. The Co-op said the attack on its operation over the summer cost £206m.
Other major UK companies have also suffered cyber-attacks this year, including Jaguar Land Rover, which has halted production since August.
The car manufacturer announced earlier this week that manufacturing would not resume until October at the earliest.
In August, a report revealed that the UK is now the third most targeted country in the world for malware after seeing over 100 million cyber attacks in the previous three months.
Research from cyber security firm NordVPN found that the UK now ranks behind only the US and Canada in terms of malware activity, having experienced a 7 per cent rise between the first and second quarter of the year.
