Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Luxury department store Harrods has been targeted by cyber criminals, making it the latest major UK retailer to fall victim to hackers in a matter of days.
The Qatar-owned retailer said on Thursday its IT security team had fended off attempts by hackers to “gain unauthorised access to some of our systems” by restricting internet access at its stores and offices.
The attack on Harrods comes just days after Marks and Spencer and the Co-op were targeted by cyber criminals. The incidents highlight the heightened security risks for retailers with large customer databases, and the increasing need for them to have robust cyber defences in place.
M&S has been unable to accept online orders since last Friday and is still battling to fully restore its operations. The FTSE 100 retailer first disclosed that its systems had been compromised last Tuesday.
The Co-op was forced to shut down part of its IT system after discovering an attempted breach, it said on Wednesday. The mutually owned group said its operations were largely unaffected, with only a small impact to some of its back-office and call centre services.
Harrods said all of its stores, including its flagship Knightsbridge branch, H beauty chain and airport units, were open as normal, and shoppers could continue to buy goods online.
“We are not asking our customers to do anything differently at this point,” the company added. Sky News first reported the cyber attack.
All three retailers have spoken to the National Cyber Security Centre, helping them understand the nature of the attacks.
NCSC chief executive Richard Horne said “the disruption caused by the recent incidents . . . are naturally a cause for concern” and “should act as a wake-up call to all organisations”.
Jamie Smith, global managing director of cyber security at S-RM, a consultancy that offers digital forensic services, said retailers are often an attractive target for hacking groups because of their “large customer databases with payment information . . . which are highly valuable”.
He added: “This information acts as extortion leverage for an attacker,”
Lauren Wills-Dixon, head of data privacy at law firm Gordons, said Harrods’ response suggests it had “a robust cyber security plan in place” as “the attack has not impacted sales”.
But she added: “This incident — and the similar threats faced by Co-op and M&S — highlight the importance of such measures, and indeed the risk to retailers in an increasingly digital world.”
