Harrods becomes latest target in string of high-profile cyberattacks on UK retailers

No evidence so far that customer data has been compromised, London landmark says

Harrods, the world-renowned luxury department store, has become the latest high-profile British retailer to fall victim to a cyberattack, joining a growing list of major businesses targeted in recent days.

The London-based retailer confirmed that it had experienced "attempts to gain unauthorised access" to its systems earlier this week, prompting immediate action from its in-house IT security team.

While the full scale of the attack is not yet clear, Harrods reported that it was forced to shut down certain internal systems as a precaution. Internet access at its physical locations was also restricted.

Despite the disruption, Harrods assured customers that its Knightsbridge flagship store, H Beauty branches, and airport outlets remain operational. Its website also continues to function, and the company has stated that there is currently no evidence that customer data has been compromised.

"We recently experienced attempts to gain unauthorised access to some of our systems," Harrods said in a statement.

"Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today. We will continue to provide updates as necessary."

This incident comes on the heels of cyberattacks recently disclosed by two other major UK retailers, Marks & Spencer (M&S) and the Co-op.

M&S attack, which surfaced last week, has been linked to the sophisticated hacking group known as Scattered Spider.

The consequences for M&S have been extensive: its website remains offline, online orders have been halted, and some stores are experiencing stock shortages due to disabled automated inventory systems.

The retailer has also paused recruitment activities, removing more than 200 job listings from its careers website.

M&S, which employs approximately 65,000 people across the UK, has seen over £650 million wiped from its stock market value since the attack. Its loyalty and gift card systems are also currently down, compounding frustrations among customers and employees.

Co-op mandates camera use in meetings amid ongoing cyberattack response

The Co-op group, encompassing supermarket, funeral service and insurance operations, has implemented strict internal security measures for its 70,000 employees as it continues to manage an ongoing cyberattack.

Earlier this week, the Co-op reported a cyber incident, involving internal system shutdowns and increased security protocols for online meetings, including a requirement for staff to keep their cameras on to verify identities.

Although the Co-op's stores and online platforms remain functional, the retailer is monitoring the situation closely.

In an internal email, staff have been instructed to keep their cameras switched on during all remote work meetings and to meticulously verify the identities of all attendees.

The directive, part of a broader effort to enhance vigilance while IT teams work to secure company systems, also includes an explicit ban on recording or transcribing calls made via Microsoft Teams.

Co-op initially described the impact as "small", mainly affecting its call centre and back-office functions, and framed its actions as "proactive measures."

However, the internal communication, first reported by ITV News and later confirmed by the Co-op to the BBC, reveals more extensive disruption.

All remote access requiring a VPN has been suspended, preventing staff from logging into internal applications from home. Employees needing access to work tools have been told they must go to a physical Co-op location.

Furthermore, staff are warned against sharing sensitive information in Teams chats and urged to report any suspicious messages or emails immediately.

Despite these significant measures, the Co-op maintains that the cyberattack is under control and insists its response remains "proactive."

It is currently unknown if the cyberattacks targeting the Co-op and M&S are connected.

Industry experts are warning that the attacks may be linked by common vulnerabilities. Many major UK retailers, including M&S and the Co-op, use enterprise resource planning systems from SAP, potentially offering a common entry point for hackers.

The National Cyber Security Centre (NCSC) has confirmed it is working with M&S and Co-op to assess the attacks and determine whether there are any connections between them.