Luxury department store Harrods has become the third retailer to be hit by a cyber incident in two weeks.
The attempted cyber-attack, which was made public on Thursday, follows similar incidents at The Co-op and Marks & Spencer (M&S).
The retailer said it has restricted access to its websites in response to the incident.
“We recently experienced attempts to gain unauthorised access to some of our systems,” the company said in a statement. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
It assured customers that all in-store locations remain open, including its Knightsbridge store, H beauty stores, and airport stores, and shopping via harrods.com is also available.
The incident comes after Co-op was hit with an attempted hack earlier this week, while fellow British retailer Marks & Spencer (M&S) continues to grapple with the impacts of a cyber-attack that has caused chaos for the retailer since last week.
Toby Lewis, head of threat analysis at global security firm Darktrace, said that because there are limited details about the attack at Harrods, it shouldn’t be ruled out that the three incidents are “coincidence”.
“However, with the information publicly available we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk,” continued the cyber expert.
Speaking about the incident at Harrods, Cody Barrow, ex-NSA cyber chief and chief executive of EclecticIQ said that it highlights an alarming trend of attacks becoming “increasingly opportunistic, exploiting weaknesses across complex, highly interconnected supply chains.”
Barrow went on to say that it is “deeply concerning” that generative AI is accelerating the threat landscape, with sophisticated phishing campaigns, deepfake social engineering, and adaptive malware now “within reach of even low-skilled attackers.”
Retailers are a key target for hackers due to the large volume of customer data they hold, as well as the high cost of operational downtime.
Earlier this week, Co-op told staff in a letter that it had “pre-emptively withdrawn access to some systems for the moment” to keep them safe.
The company closed down several business services for staff operating stores and its legal services division, while the stock monitoring system is also thought to be impacted.
M&S faced what is understood to be a ransomware attack by a criminal gang last week which has since impacted online orders, Click & Collect, and contactless payments.
On Friday, the company’s chief executive Stuart Machin issued a statement to customers ahead of the bank holiday weekend: “We are really sorry that we’ve not been able to offer you the service you expect from M&S over the last week. We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible. Thank you from me and everyone at M&S for all the support you have shown us. we do not take it for granted and we are incredibly grateful.”
He went on to say that M&S is ready to welcome customers to stores over the bank holiday. However, online orders are currently still paused.
The retailer stopped taking online orders last Friday as part of what it described as “proactive management” of the incident.
Earlier this week, the retailer instructed approximately 200 agency staff at its Castle Donington distribution centre in central England to stay home.
Agency workers, who typically support the warehouse during busier periods and constitute about 20 per cent of the distribution centre’s workforce, were told not to come in, according to a person familiar with the situation. The company’s permanent employees at the site have been instructed to report to work as normal.
It also blocked remote workers from accessing internal systems.
M&S, which sells premium groceries alongside clothing and home products, is scheduled to publish its full-year results on 21 May.
