Harrods, a luxury retailer in the United Kingdom, experienced a cyberattack. This incident follows cyberattacks on fellow retailers Co-op and Marks & Spencer, in which Co-op was forced to shut down portions of its IT systems while Marks & Spencer continues to navigate the fallout. Harrods reportedly restricted internet access at its sites after noting an attempt to gain unauthorized access to systems. At this time, Harrods’ flagship store remains open. Online sales continued, and as of Thursday evening, the online store appears to be operating normally.  

Security leaders weigh in 

Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ:

U.K. retailer giant Harrods has confirmed that it was a victim of a cyberattack that caused the company to restrict access to some platforms. The company has not confirmed whether the attack breached any data. The news comes in the same week that fellow U.K. retailers, Marks & Spencer and Co-op, were also targeted in similar attacks.

The close proximity of these attacks could suggest that one threat actor is responsible for all three. Scattered Spider, who has been linked to the attack on M&S, is the most likely culprit, although not enough is known to make definitive accusations yet.

More than anything, these attacks highlight the need for organizations to implement systems that can proactively combat potential threats. Adversarial exposure validation becomes more critical as attackers become more advanced, driven by the increased growth and enhancement of AI. The visibility that AEV provides organizations into their security systems allows them to address exploitable vulnerabilities and go on the offensive against malicious threat actors, rather than always playing defense.

Lee Driver, Director of Managed Security Services at Ekco:

Luxury retailers like Harrods are prime targets for cyberattacks. They hold vast amounts of sensitive customer data, and even brief downtime can result in serious brand damage. We saw this with M&S, whose share price dropped 7% after its cyber incident.

Retailers operate within complex ecosystems, involving intricate supply chains, numerous suppliers, employees, and digital touchpoints. Once attackers gain entry, they can move laterally through systems at alarming speed. That’s why it’s of paramount importance that organizations can detect and respond to cyber incidents swiftly and effectively, ensure they have robust business continuity plans in place to recover, and communicate clearly with stakeholders throughout the incident. 

Harrods’ swift move to restrict internet access was a sensible precaution, but the incident underscores a crucial point in cybersecurity: as threats grow more sophisticated, organizations must stay one step ahead by building resilience, strengthening defenses, and ensuring they are prepared to respond to an ever-evolving threat landscape.

Dr. Darren Williams, Founder and CEO of BlackFog: 

On the heels of the Marks & Spencer attack, the Harrods attack highlights the escalation of cyberattacks globally and the new arms race in the use of AI for targeting high-value targets. While there is no evidence that this is from the same group of attackers, it does align with the highly tuned targeting we have seen this year and the 45% increase in attacks through Q1 of 2025.

The attempts to gain unauthorized access to Harrods’ systems is just another example of how data exfiltration is used to target and ultimately extort victims. With bad actors continuing to remain latent for months — and sometimes years — before launching full-scale attacks, detecting these attacks is becoming crucial in the fight against ransomware.