- An IT breach has exposed 430,000 Harrods customers’ details
- The data does not include payment information or passwords
- Harrods is not engaging with the hackers
Luxury department store Harrods has confirmed it has been contacted by criminals claiming to have stolen the records of over 430,000 customers in an IT breach.
The company said this breach is unconnected to the string of attacks which hit British high street retailers, including Harrods itself, M&S, and Co-Op, earlier in 2025.
Harrods has confirmed it will not engage with the hackers, and that the information taken via a third-party provider did not include payment data or passwords.
No Harrods system compromised
“The third-party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities,” a spokesperson confirmed in a statement.
Harrods confirmed it has “received communications from the threat actor and will not be engaging with them” – suggesting perhaps that the hackers requested payment in return for not posting the customer data.
The affected data is “limited to basic personal identifiers including name and contact details (where this information has been provided),” the statement confirms. Nevertheless, this information does still leave some customers exposed to attacks like identity theft or fraud.
Cybercriminals can use personal information to apply for loans or credit cards in your name, so if you’ve received notification that you may be affected by this (or any other) breach, here’s what we recommend.
The simplest way to protect yourself is to deploy identity theft protection software, as these products provide a host of protection tools like dark web scanning, credit monitoring, and password managers, as well as insurance coverage in case your identity is affected, usually up to $1 million.
If you want to monitor on your own, then you need to keep a close eye on your bank statements, transactions, and accounts, as well as being wary of any unexpected texts, calls, or emails that may be social engineering attempts.