Luxury department store Harrods has confirmed it was targeted by hackers attempting to gain unauthorized access to its systems, becoming the third high-profile British retailer to face cyber threats in the past two weeks. The Qatar Investment Authority-owned company announced on Thursday, May 1, 2025, that it had taken immediate protective measures, including restricting internet access across its locations. Despite the attack, Harrods assured customers that all its sites-including the flagship Knightsbridge store in London, H beauty outlets, and airport shops-remain operational, and online shopping through harrods.com continues uninterrupted.

The cyber incident at Harrods follows similar attacks on two other prominent UK retailers-Marks & Spencer and the Co-op Group. M&S has been experiencing significant disruption for seven consecutive days, with customers unable to place clothing and home orders through its website and app. The attack on M&S has been particularly damaging as it coincided with warm weather in Britain, a period when retailers typically see increased demand for summer clothing and fresh products. According to technology news outlet BleepingComputer, the ransomware attack that encrypted M&S's servers was reportedly executed by a hacking collective known as "Scattered Spider".

While specific details about the Harrods breach remain limited, the company's IT security team acted swiftly to safeguard its systems upon discovering the unauthorized access attempts. Unlike the more severe impact experienced by M&S, both Harrods and Co-op appear to have contained their respective incidents with less operational disruption. Harrods has stated that it is not requesting customers to alter their shopping behavior at this time, though some reports suggest that certain customers have encountered difficulties finalizing their purchases.

The series of cyber attacks against major UK retailers has prompted concern from cybersecurity authorities. The National Cyber Security Centre (NCSC) has called these incidents a "wake-up call" and is actively working with the affected companies to understand the nature of these attacks and provide expert advice to the wider sector. The Metropolitan Police's Cyber Crime Unit and the National Crime Agency are also investigating the M&S breach. These incidents highlight the growing vulnerability of high-end businesses to online security threats, with British companies, public bodies, and institutions having faced numerous cyber assaults in recent years, resulting in tens of millions of pounds in losses.