Luxury department store Harrods has warned customers that their personal information may have been stolen following an IT systems breach involving a third-party supplier.
In an email sent to customers, Harrods confirmed that names and contact details of some online shoppers were exposed. The company said no passwords or payment details were taken and described it as an “isolated incident” that has now been contained.
The breach didn’t affect Harrods’ own internal systems, and the retailer has reported the incident to the relevant authorities. However, this is the second cybersecurity scare this year for the brand. In May, Harrods briefly restricted internet access following another attempted hack.
Harrods isn’t alone. A loosely connected group of hackers has targeted other major UK retailers, including Marks & Spencer and the Co-op. The National Crime Agency has since arrested several suspects believed to be involved.
How shoppers can protect themselves
While Harrods says the issue is contained, customers are urged to stay alert for any suspicious emails or contact claiming to be from the brand.
If you’ve received an email from Harrods about the recent data breach, don’t panic, but do take steps to stay safe. Even if your passwords and payment details weren’t stolen, personal information like your name and email address can still be valuable to criminals.
Here’s what you should do next:
1. Watch out for phishing scams
Fraudsters may use the stolen data to send convincing fake messages that look like they’re from Harrods. These emails might mention your name, your past purchases or even fake refund offers. Be cautious of any messages asking for login details, payment confirmation or urgent action — Harrods will never contact you this way.
2. Don’t click suspicious links
If you’re unsure, don’t click. Go directly to the official Harrods website or app instead of following links in emails or texts. Check the sender’s address carefully — scammers often use domains that look similar but aren’t genuine.
3. Check your accounts for unusual activity
Review your online shopping and bank accounts regularly. Look for small test transactions or unfamiliar login attempts, as they’re often early signs of fraud.
4. Strengthen your passwords
If you reuse passwords across sites, change them now. Use unique, complex passwords for each account, and consider a password manager. Where possible, enable two-factor authentication for extra protection.
For more information on how to stay safe, check out our handy guide.
Retail data breaches: a growing threat for shoppers
From Harrods to Marks & Spencer and the Co-op, recent cyber attacks have shown that even the most trusted high street names aren’t immune to data breaches.
Hackers are increasingly targeting third-party providers — the outside companies that handle everything from customer service to IT support. When these systems are compromised, personal data from millions of shoppers can be exposed in one hit.
Even if payment details aren’t taken, names, emails and addresses can still be misused for phishing scams, identity theft or online fraud. Once data leaks online, it’s almost impossible to claw back.
The damage isn’t just financial. Victims often deal with stress, loss of trust, and privacy worries that linger long after the headlines fade. In some cases, stolen data ends up traded on the dark web, where it can be used months or even years later.
What needs to change?
Cyber experts say retailers must do more to secure supply chains and audit third-party systems — not just their own.
Too often, retail breaches end with carefully worded statements and vague assurances that lessons have been learned. But shoppers rarely see meaningful change. The same mistakes are repeated, and trust erodes a little further each time.
At Join the Claim, we believe accountability should go beyond apologies. That means transparency about what went wrong, fair redress for those affected, and stronger safeguards to stop it happening again.
We’ll continue to monitor developments in the Harrods breach and other major cases, and we’ll share updates as soon as more information becomes available. If a group legal action goes ahead, as has happened with M&S and the Co-op, victims of the Harrods data breach may be eligible to claim compensation.
Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.
