UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information.
In a statement for BleepingComputer, the luxury department store noted that the latest incident is not related to the May cyberattack, which was attributed to Scattered Spider.
Harrods is a London-based luxury goods department store. It operates a full-featured e-commerce platform catering to international customers.
The recent data breach was first reported by media outlets in the U.K. after Harrods notified customers impacted by the incident.
Harrods told BleepingComputer that it "proactively informed affected e-commerce customers on Friday" that their names and contact details were compromised following a breach at a third-party provider. The company did not disclose the name of compromised entity.
Apart from names and contact details, some customer records also included tags and labels used internally for marketing and other services that Harrods provides.
“Affected customer records may also have labels related to marketing and services delivered by Harrods,” the luxuy goods company says.
“These labels may include tier level or affiliation to a Harrods co-branded card, although this information is unlikely to be interpreted accurately by an unauthorised third party.”
Co-branded cards are credit cards part of the company's loyalty program that have Harrods' logo and those of a card network (American Express, Visa) and a financial institution (QNB, NBK).
They can be used to earn reward points and include various benefits, like dining credits and access to special events.
... continue reading