Luxury London retailer Harrods disclosed that hackers accessed personal information of up to 430,000 online customers through a third-party provider breach. The stolen data includes names and contact details but excludes passwords and payment information.
The company refused to engage with the threat actors who contacted them about the breach. This incident is separate from a May cyberattack that targeted Harrods' systems directly.
The breach highlights ongoing supply chain vulnerabilities plaguing UK retailers. Earlier this year, M&S lost £300 million and Co-op lost £206 million from similar attacks linked to the Scattered Spider group. Recent studies show 97% of FTSE 100 companies experienced third-party breaches in the past year.
Source: Infosecurity Magazine