Harrods, the London luxury department store, has alerted customers about a data breach linked to a third-party provider, resulting in the exposure of over 430,000 records.
The hacker group responsible for the breach attempted to reach out, but Harrods declined to negotiate with them. However, the details of the potential exchange remain undisclosed.
An isolated incident
The company said the breach was limited to the third-party provider’s systems and did not affect payment data, passwords, or order histories (any sensitive customer information).
Only limited information was compromised, including names and contact details like emails and phone numbers, plus data linked to loyalty and co-branded cards.
‘Our priority is to keep customers informed and supported,’ a spokesman said. He added that affected customers would be contacted directly and warned to watch for suspicious emails or messages.
Harrod has not identified the vendor involved, but it is coordinating with the provider and relevant authorities. Internal investigations indicate the incident has been contained with no signs of continued unauthorized access.
Established in 1849, Harrods is known for its landmark London store and its global e-commerce site for luxury goods. It serves a clientele that attracts cybercriminals because of the value of their purchases and profiles.
Retail cyberattacks on the rise
This year has seen a surge in cyberattacks targeting retail and logistics companies worldwide, disrupting operations and compromising customer data.
Europe: In the UK, a loosely affiliated hacker group claimed responsibility for attempts on Harrods and successfully breached Marks & Spencer and the Co-op, which led to the arrest of four individuals by the National Crime Agency. Separately, a cyberattack on Jaguar Land Rover interrupted its worldwide production in August (the company is yet to resume manufacturing post-attack), highlighting how cyberattacks are hitting operations across industries.
North America: The landscape has been equally volatile. MGM Resorts suffered a massive system outage that crippled its Las Vegas operations for days, while Clorox faced significant product shortages and operational disruptions following a targeted attack on its supply chain that cost it $356 million.
Asia-Pacific: Japan experienced one of its largest data breaches with the MOVEit file transfer hack, which compromised the personal information of over 10 million citizens through government and corporate exposures.
These incidents highlight a global escalation in cyberattacks that are now hitting critical operations and supply chains across multiple industries simultaneously.
Stolen data lifecycle
Data breaches have become a common occurrence nowadays. They aren’t by accident, and most of them usually start with planned cyberattacks or weak security that criminals exploit. Once they infiltrate systems, attackers steal sensitive data like credit card details, social security numbers, medical records, or corporate files.
Have you ever wondered what happens to your data once it’s stolen? Where does it go, and who gets access to it? Knowing this is essential to protecting yourself in today’s data-driven world.
After a breach, your data becomes a product to be traded for profit (which sums up its theft to profit life cycle). It may be sold individually, but more often it’s packaged with other stolen records in larger datasets.
In most cases, the hackers who steal your data rarely use it themselves. To them, it’s just a valuable asset in criminal marketplaces. Since data is most profitable only when new and usable, hackers sell it as quickly as possible. So, where does the stolen data go? Here are the most likely destinations.
The dark web
Many data markets thrive on the dark web, where oversight is minimal compared to the surface web (because of all the anonymity and security they deploy). Hackers use these hidden, non-indexed dark web sites to monetize the stolen data without worrying about the host cooperating with law enforcement.
This is where you can find credit card details, passports, PayPal credentials, social security numbers, or any kind of information you can think of.
Privacy-centric messaging apps
Encrypted messaging services like Telegram and Signal provide strong privacy and anonymity, which hackers exploit (we can rather say make use of) to trade stolen data. They create private groups or channels where buyers and sellers connect.
Invite-only forums/chats
The surface web, the normal internet that we access using standard browsers, also hosts forums, chat rooms, apps, and sites where criminals openly trade stolen data. However, these places are usually heavily moderated and often invite-only to limit exposure to law enforcement.
Publicly
Not all data breaches are for profit. Some are published publicly by insiders or whistleblowers to expose wrongdoing. A clear case is the 2015 Ashley Madison breach, where hackers exposed the identities of millions of users because the site was facilitating extramarital affairs.
Just like in any marketplace, prices rise and fall with supply and demand.
What data do hackers trade?
Dark web markets offer a wide range of stolen data, from email accounts to social security numbers and beyond. Here are the most common categories.
- Payment cards: Criminals buy bundles of leaked card details to make fraudulent purchases, a process known as carding.
- Site credentials: Hackers steal social media accounts and email profiles to post defamatory content or conduct phishing and social-engineering attacks.
- Personal documents: Some of the sensitive documents that criminals buy to commit identity theft include passports, social security numbers, birth certificates, etc.
Other common targets include verified PayPal accounts, streaming service logins, crypto wallets, and medical records.
