Harrods, the world-famous luxury department store, admitted to a major security breach. Credit card and other personal information from many of its online customers has been leaked, after a vulnerability at a third-party payment provider. Immediately after the incident, law enforcement announced a fast-tracked investigation. In doing so, they arrested a young woman of just 20 years old in Staffordshire and arrested three men, aged 17 to 19, in London and the West Midlands.
In his speech, Richard Horne, the chief executive of the National Cyber Security Centre, connected the dots between these attacks and their very real implications. He further pointed out that these types of incidents have “real world impact on real people,” emphasizing the increasing sophistication of hackers and cybercriminals. “Increasingly the attackers are getting good at causing those impacts, they’re refining their techniques,” he added.
The breach does not appear to be connected to the cyber incident that occurred in May. At that time, Harrods had limited internet access throughout its venues as a security measure. This preceding provision came on the heels of a failed effort to hack into the retailer’s internal networks. Under questioning, Harrods repeatedly insisted that its internal systems had not been breached in either case.
The personal information stolen from the third-party provider contained names and contact information for some customers who ordered online. The provider has promised Harrods that this breach is a one-off. Currently, the incident has been contained, and Harrods is working closely with the provider to ensure that all appropriate actions are taken to safeguard customer information.
In recent months, cyber attacks have received widespread attention for their dramatic impacts. Yet another hacker collective announced responsibility last week for a damaging August cyber attack. In practice, this attack brought global production lines for Jag Land Rover (JLR) to a standstill. These incidents highlight the all-too-real and dangerous threats our cybercriminals pose.
Horne remarked on the nature of these attackers, stating, “These criminal attackers… they don’t care who they hit, and they don’t care how they hurt them.” His comments reflect an urgent call for heightened vigilance and improved security measures in the face of evolving cyber threats.
As Harrods addresses this data breach, it reassures customers that it remains committed to enhancing its cybersecurity protocols to prevent future incidents. In the meantime, the store is staying tuned-in, keeping lines of communication open with its community as these efforts to track what’s going on persist.