Harrods has alerted some customers that their personal data may have been compromised due to a cyberattack involving a third-party IT provider. The luxury department store, located in Knightsbridge, London, issued a statement confirming that personal details of certain e-commerce customers were accessed.

In the statement, Harrods said, “We have been notified by one of our third-party providers that some Harrods e-commerce customers’ personal data has been taken from one of their systems.” The store reassured customers that the affected data is limited to basic identifiers, such as names and contact details, and does not include account passwords or payment information.

The company emphasised that this incident is isolated and has been contained. They are collaborating closely with the third-party provider to ensure all necessary actions are being taken. Harrods has also notified relevant authorities about the breach.

An email was sent to affected customers on Friday evening, clarifying that Harrods' own systems remain secure and that this breach is not connected to a previous cyberattack in May. This incident follows the arrest of four individuals in July, suspected of involvement in cyberattacks targeting Harrods, Marks & Spencer, and the Co-op. A 20-year-old woman from Staffordshire and three males aged between 17 and 19 were detained in London and the West Midlands, but all have since been released on bail.