Harrods hit by cyber attack as UK retailers battle threats

After M&S and Co-op, the luxury retailer turns off internet access to some sites

Pedestrians crossing street in front of Harrods luxury department store in London, United Kingdom.
(Image credit: Getty Images)
Jane McCallion's avatar
By
published
in News

Harrods, the iconic luxury department store, has become the third UK retailer to be targeted by cyber criminals in the space of two weeks.

A spokesperson for the London-based retailer told ITPro that it had “restricted internet access at our sites”.

“We recently experienced attempts to gain unauthorised access to some of our systems,” the spokesperson added. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”

Unlike Marks and Spencer Group (M&S), which to date seems to be the hardest hit of all three of the retailers, Harrods is still taking online orders and has encouraged customers to “not do anything differently at this point”.

What’s the cause of the cyber attacks?

It’s not known if the three incidents are coincidence, a coordinated attack, or something else.

Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, said that while details remain scarce, it shouldn’t be ruled out that all three are a coincidence.

“However, with the information publicly available we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn't have previously judged a risk,” he said.

ITPro approached Harrods for comment on how the intrusion was first detected, but hadn’t received a response at the time of publication.

The original attack on M&S, meanwhile, has been attributed to hacking group Scattered Spider according to Bleeping Computer.

According to the website, which cites unnamed “multiple sources”, the problems were caused by “a ransomware attack that encrypted the company’s servers”.

Scattered Spider has been active since 2022 and is behind several high-profile attacks on MGM Resorts in 2023, Twilio, LastPass, GitLab, Apple, and Walmart.

While Spanish authorities claimed they had arrested the alleged ringleader of the group, Robert McArdle, director of forward threat research at Trend Micro, said the group doesn't operate like "traditional ransomware groups we associate with Russian-speaking cyber crime".

"They are a much looser connected network of individuals who assemble together for individual attacks and resemble the structure of Hacktivist groups like past activity of Anonymous," he explained.

“Scattered Spider has routinely targeted retail providers – as shown by the domain names registered by the group for use in phishing campaign efforts – so targeting M&S would be 'on-brand',” he added.

MORE FROM ITPRO

Jane McCallion
Jane McCallion
Managing Editor

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.

Latest