Luxury retailer Harrods discloses an IT breach linked to a third-party provider, exposing customer data amid a surge in cyber-attacks targeting UK retailers in 2025. Authorities have intervened as industry experts warn of increasingly sophisticated cyber threats.
Harrods has announced that some of its customers’ personal data may have been compromised in an IT breach linked to one of its third-party providers. The luxury department store disclosed that the data taken included basic personal identifiers such as names and contact details, but did not encompass sensitive information like account passwords or payment details. According to Harrods, the breach was an isolated incident, separate from earlier attempts to infiltrate its own systems earlier this year, and the company is working closely with the third party involved to contain the issue and prevent further risks. Relevant authorities have been informed as part of the response efforts.
This latest breach follows a series of cyber threats targeting major UK retailers throughout 2025. Harrods itself was affected by a cyber-attack in May, during which its IT security team restricted internet access across its premises as a precautionary measure. Despite this disruption, the department store’s physical locations and online shopping services remained operational, with no data believed to have been accessed at that time. Similar cyber-attacks recently hit other prominent retailers including Marks & Spencer and the Co-op, causing significant operational impact, particularly for M&S which saw its online store shuttered for nearly seven weeks.
In a notable development linked to these attacks, UK police arrested four individuals aged between 17 and 20 in July on suspicion of offences encompassing blackmail, money laundering, breaches of the Computer Misuse Act, and participation in organised crime groups. These arrests came following an investigation led by the National Crime Agency and its National Cyber Crime Unit. The suspects are believed to be connected to the spate of cyber-attacks that targeted Harrods alongside Marks & Spencer and the Co-op earlier in the year. Authorities have seized electronic devices to support ongoing inquiries.
Industry experts have noted the growing sophistication and persistence of cyber threats against retail giants, with groups like Scattered Spider suspected of involvement in coordinated attacks across multiple companies. The incidents have raised broader concerns within the UK retail sector about cybersecurity vulnerabilities and the effectiveness of current defence mechanisms in protecting customer data and business continuity.
As Harrods addresses this latest breach, it continues to stress that no internal systems were compromised in the recent incident and reassures customers that it is taking all necessary measures to preserve the security of their information while cooperating fully with authorities and cybersecurity specialists.
📌 Reference Map:
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
8
Notes:
The narrative is fresh, dated September 26, 2025. It references a previous incident from May 2025, providing updated information. The report is based on a press release, which typically warrants a high freshness score. No discrepancies in figures, dates, or quotes were found. No earlier versions show different information. No recycled content or republishing across low-quality sites was identified. The update justifies a higher freshness score but should still be flagged.
Quotes check
Score:
9
Notes:
The report includes direct quotes from Harrods’ statement. No identical quotes appear in earlier material. No variations in quote wording were found. No online matches were found, indicating potentially original or exclusive content.
Source reliability
Score:
10
Notes:
The narrative originates from The Guardian, a reputable organisation. This adds credibility to the report.
Plausability check
Score:
9
Notes:
The report’s claims are plausible and consistent with known information. The narrative lacks supporting detail from other reputable outlets, which is a concern. The tone and language are consistent with typical corporate communications. No excessive or off-topic detail unrelated to the claim was noted. No unusual drama or vagueness in tone was observed.
Overall assessment
Verdict (FAIL, OPEN, PASS): PASS
Confidence (LOW, MEDIUM, HIGH): HIGH
Summary:
The narrative is fresh, with no recycled content or discrepancies. It includes original quotes and originates from a reputable source. While it lacks supporting detail from other reputable outlets, the claims are plausible and consistent with known information.
Supercharge Your Content Strategy
Feel free to test this content on your social media sites to see whether it works for your community.
