6 hours ago
6
Harrods has been hit by a cyber-attack, just days after Marks & Spencer and the Co-op were targeted.
The luxury department store is understood to have been forced to shut down some systems, but said its website and all its stores, including the Knightsbridge flagship, H beauty and airport outlets, continued to operate. It is understood the retailer first realised it was being targeted earlier this week.
Harrods said in a statement: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
The retailer said it was not asking customers to take any action, indicating that it did not suspect data had been accessed. It added: “We will continue to provide updates as necessary.”
The problems at Harrods, first reported by Sky News, emerged as M&S continues to battle problems caused by a cyber incident that has been linked to the hacking collective Scattered Spider.
More than £650m has been wiped off the stock market value of the company as its website has been forced to stop orders for almost a week. There are also gaps on shelves in stores as the company’s automated stock systems are not working and its loyalty scheme and gift card payments have been disrupted.
On Thursday it emerged that M&S has been forced to pause hiring new workers.
The company said it had pulled all online job postings from its website as its recruitment systems were on hold while tech experts deal with the consequences of a hack which has also forced M&S to close its online shop.
A message on M&S’s jobs website said: “Sorry you can’t search or apply for roles right now, we’re working hard to be back online as soon as possible.”
The company, which employs about 65,000 people in its stores and London head office, had no jobs listed anywhere across its UK business on Thursday despite having more than 200 job openings the previous week.
A spokesperson said: “While we proactively manage the cyber incident, we are temporarily pausing some of our normal processes so we can continue to work hard on offering the best M&S for our customers and colleagues. Job adverts will be up again in due course.”
The Co-op has also had to shut down some internal systems and warned staff to keep cameras on during online conferencing after detecting an attempted hack. Stores and online business continue to operate as usual.
Retailers are on high alert as many use the same systems as M&S and the Co-op, SAP, so potential hackers could try to use the same methods in many businesses.
after newsletter promotion
It is unclear whether the cyber-attacks on the three retailers are coordinated or carried out by the same group.
The National Cyber Security Centre said it was working with M&S and the Co-op to understand the nature of both incidents, and is expected to examine any potential links. The Metropolitan police confirmed on Wednesday that detectives from its cybercrime unit, assisted by colleagues from the National Crime Agency, were investigating the attack on M&S.
Richard Horne, chief executive of the NCSC, said the cyber incidents should “act as a wake-up call to all organisations”. He urged businesses “to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively”.
He added: “The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.”
Retailers and their suppliers have faced a series of cyber-attacks in recent years including Morrisons, which was affected by an incident at its tech supplier, Blue Yonder, in the run-up to Christmas last year.
In 2023 WH Smith was hit by an attack in which company data was accessed illegally, including the personal details of current and former employees. That came less than a year after a cyber-attack on WH Smith’s Funky Pigeon website forced it to stop taking orders for about a week.
