Harrods becomes latest retailer to announce attempted cyberattack

Harrods, the luxury department store in London, has become the latest U.K. retailer to announce detecting an attempted cyberattack following similar announcements by Marks & Spencer and the Co-op.

In a statement on Thursday, Harrods said it had “recently experienced attempts to gain unauthorised access to some of our systems” but that its “IT security team immediately took proactive steps to keep systems safe.”

“As a result we have restricted internet access at our sites today,” the company added, but stressed that both in-person and online shopping remained unaffected.

It follows a similar announcement by the Co-op, which said Wednesday it had proactively shut down part of its IT systems due to an incident. While staff informed Recorded Future News that the system they use to clock-in for their shifts was down, there didn’t appear to be any more substantial impact.

The attack on Marks & Spencer appears to be the most impactful of the incidents affecting retailers. The company’s online shopping services are unavailable, customers have reported finding some shelves empty in stores, and workers were told not to turn up at its main warehouse distribution center earlier this week.

Richard Horne, the head of the National Cyber Security Centre, acknowledged the “disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture,” Horne added.

Matt Western, the chair of Parliament’s Joint Committee on the National Security Strategy, said: “These serious attacks threaten not just the bottom line of the businesses involved but also the wider food supply chain. If shelves are left empty and deliveries unfulfilled, local communities will suffer.”

Responding to unconfirmed reports that Marks & Spencer was impacted by a ransomware attack — something the committee has complained the government isn’t doing enough to address – Western said: “Ransomware is a real and growing threat to many aspects of our daily lives. Cyber security affects us all, and we must do more to prevent these attacks knocking out whole sectors of our economy in future.”

Stephen Bonner, the deputy commissioner at the ICO, said on Friday that the regulator “can confirm we have received reports from Marks and Spencer plc and the Co-op Group. We are making enquiries with these organisations and working closely with the National Cyber Security Centre (NCSC)."