Harrods ‘not engaging’ with hackers following customer data leak

Harrods has announced it will not be engaging with hackers after the personal details of an estimated 430,000 customers were exposed following a data breach.

The luxury department store revealed the information, which includes basic personal identifiers including name and contact details but does not include account passwords or payment details, was accessed via a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year.

It added that the third-party has confirmed this is an isolated incident which has been contained, and it is working closely with them to ensure that “all appropriate actions are being taken”. No Harrods system has been compromised.

In a statement on Sunday, Harrods said: “We have received communications from the threat actor and will not be engaging with them. We proactively informed affected e-commerce customers on Friday that the impacted personal data is limited to basic personal identifiers including name and contact details (where this information has been provided). It does not include account passwords or payment details.

“Affected customer records may also have labels related to marketing and services delivered by Harrods. These labels may include tier level or affiliation to a Harrods co-branded card although this information is unlikely to be interpreted accurately by an unauthorised third party.”

It added: “We would like to reiterate that no payment details or order history information has been accessed and the impacted personal data remains limited to basic personal identifiers as advised previously. It is important to note that the information was taken from a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year.

“Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them.”