Harrods has warned some customers that their personal data may have been taken in an IT breach, after a system belonging to one of its third-party providers was compromised.
Information such as names and contact details of its e-commerce customers was taken, the luxury department store in Knightsbridge, London, said.
“We have been notified by one of our third-party providers that some Harrods e-commerce customers’ personal data has been taken from one of their systems,” Harrods said in a statement.
“We have informed affected customers that the impacted personal data is limited to basic personal identifiers, including name and contact details, but does not include account passwords or payment details.
“The third party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities.”
In May, Harrods restricted internet access across its sites as a precautionary measure after an attempt to break into its systems.
The spokesperson added: “No Harrods system has been compromised and it is important to note that the data was taken from a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year.”
In July, four people were arrested for their suspected involvement in cyber-attacks against Marks & Spencer, the Co-op and Harrods.
Two men aged 19 – along with a 17-year-old boy and 20-year-old woman – were detained on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act, and participating in the activities of an organised crime group. They have been bailed pending inquiries.
after newsletter promotion
M&S was attacked in April in an incident that forced its online store to close for nearly seven weeks. The Co-op was attacked in the same month, and had to shut down parts of its IT system.
Quick GuideContact Guardian Business about this story
Show
The best public interest journalism relies on first-hand accounts from people in the know.
If you have something to share on this subject you can contact the Business team confidentially using the following methods.
Secure Messaging in the Guardian app
The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.
If you don’t already have the Guardian app, download it (iOS/Android) and go to the menu. Scroll down and click on Secure Messaging. When asked who you wish to contact please select the Guardian Business team.
SecureDrop, instant messengers, email, telephone and post
If you can safely use the tor network without being observed or monitored you can send messages and documents to the Guardian via our SecureDrop platform.
Finally, our guide at theguardian.com/tips lists several ways to contact us securely, and discusses the pros and cons of each.