October 04, 2025  —  Lee Pender

The Harrods cyberattacks: A legendary retailer becomes a target

Cybersecurity experts constantly warn about the devastating potential of cyberattacks, yet many organizations remain unprepared. The recent attacks on the iconic London retailer Harrods serve as a stark reminder that no business is immune to cyber threats.

A year of attacks: Harrods under siege in 2025

The year 2025 has been particularly challenging for the luxury department store. Harrods has faced not one but two significant cyberattacks that demonstrate the persistent and evolving nature of cyber threats facing modern retailers.

The first attack occurred in late April 2025, when Harrods became the third major UK retailer targeted in a coordinated wave of cyberattacks. The assault, believed to be orchestrated by the notorious hacker group DragonForce, was part of a broader campaign that also struck Marks & Spencer and the Co-operative Group (Co-op). In response, Harrods acted immediately, restricting internet access across all its physical sites, including its flagship Knightsbridge location and H Beauty branches, as a precautionary measure. While the company successfully thwarted this attempted intrusion, the incident turned out to be a sign of things to come.

The second breach, occurring in late September 2025, proved far more damaging. Attackers gained access to approximately 430,000 customer records through one of Harrods' third-party provider systems. The stolen data included names and contact details such as email addresses and telephone numbers. Additional information relating to marketing preferences, loyalty tier levels and connections to Harrods co-branded cards was also caught up in the breach. While the company was quick to reassure customers that payment details and account passwords remained secure, the scope of the breach was substantial nonetheless.

Why retailers are prime targets

The repeated attacks on Harrods and other UK retailers throughout 2025 underscore a troubling reality: The retail sector has become an increasingly attractive target for cybercriminals. Several factors make retailers particularly vulnerable.

First, retailers hold vast troves of valuable customer data. Personal information, payment details, purchase histories and loyalty program data represent goldmines for cybercriminals, who can monetize this information through identity theft, financial fraud or sale on dark web marketplaces. Even basic personal identifiers like names and email addresses have significant value for phishing campaigns and social engineering attacks.

Second, the retail sector's complex digital infrastructure creates multiple attack vectors. Modern retailers operate intricate technology ecosystems that include e-commerce platforms, point-of-sale systems, inventory management software, customer relationship management tools and extensive third-party integrations. Each connection point represents a potential vulnerability. As the September breach at Harrods demonstrated, even when a company's internal systems remain secure, weaknesses in third-party providers can expose customer data.

Also, the operational nature of retail creates pressure to prioritize availability over security. Retailers cannot afford prolonged downtime during peak shopping periods. This operational imperative can sometimes lead to security shortcuts or delayed patching of vulnerabilities. Cybercriminals understand this calculus and often time their attacks to maximize disruption and increase pressure on victims to pay ransoms.

The 2025 attacks on UK retailers reveal a pattern of coordinated campaigns targeting multiple organizations within the sector. When attackers successfully compromise one retailer, they often use similar tactics against others in the industry, knowing that similar vulnerabilities may exist across competing businesses.

The Harrods incidents are part of a devastating year for UK retail. The coordinated spring attacks disrupted supply chains, leading to empty shelves and frozen online and card payment systems across multiple major retailers. Marks & Spencer paused all online orders and faced months of service disruptions, with analysts estimating a profit hit of approximately £300 million. The Co-op suffered an attack that compromised data belonging to all 6.5 million of its members, costing an estimated £206 million in lost sales.

No business is safe

While the attacks on prestigious retailers like Harrods capture headlines, the sobering truth is that businesses of all types and sizes face similar threats. The automotive sector experienced this firsthand when Jaguar Land Rover suffered a devastating cyberattack in August 2025, forcing production lines to stand still for about a month and costing over £50 million per week.

These high-profile incidents illustrate a critical point: Cyberattacks don't discriminate by industry, company size, or market position. Small and medium-sized businesses often face even greater risks because they typically have fewer resources dedicated to cybersecurity while still holding valuable data that attracts attackers. Supply chain partners, as demonstrated by both the Harrods and Jaguar Land Rover incidents, can become unwitting entry points for attacks on larger organizations.

How Acronis Cyber Protect Cloud enables MSPs to defend their clients

For managed service providers (MSPs) working to protect clients in retail and other vulnerable sectors, the challenges are substantial. Clients expect comprehensive protection without the complexity and cost of managing multiple point solutions. They need security that doesn't impede business operations while remaining effective against sophisticated, evolving threats.

Acronis Cyber Protect Cloud addresses these challenges through industry-first native integration of cybersecurity, data protection and endpoint management in a single platform. Rather than juggling separate tools for backup, anti-malware, vulnerability assessment and remote management, MSPs can deliver comprehensive protection through one agent and a single management console.

This native integration creates significant operational efficiencies for MSPs. Automatic machine discovery and remote agent installation streamline deployment, while centralized multi-tenant management reduces administrative burden. MSPs can track and plan their work more efficiently with built-in hardware inventory collection, change tracking, vulnerability assessments and comprehensive monitoring and reporting through a unified interface.

How Acronis Cyber Protect safeguards businesses

For businesses seeking to protect themselves directly, whether they're retail organizations like Harrods or manufacturers like Jaguar Land Rover, Acronis Cyber Protect delivers enterprise-grade security, also through a natively integrated cybersecurity platform.

As is the case with Acronis Cyber Protect Cloud, the solution's power lies in its integration. Rather than managing separate products for backup, anti-malware protection, vulnerability management and disaster recovery, organizations gain comprehensive protection through a natively integrated platform with a single point of management. This integration eliminates the security gaps that exist between point solutions while reducing management complexity.

Acronis Cyber Protect's backup and recovery capabilities provide the ultimate safety net against ransomware and destructive attacks. Even if attackers succeed in compromising systems or encrypting data, organizations can quickly restore operations from secure, immutable backups. The solution supports both IT and operational technology environments, ensuring protection extends from corporate systems to production floor equipment in manufacturing settings.

Cyberthreats are only getting worse

The Harrods cyberattacks, along with the broader wave of incidents affecting UK retailers and manufacturers throughout 2025, should serve as a wake-up call for every business leader. Organizations that invest in comprehensive cyber protection today will be the ones that remain operational when attacks occur. The question is not whether your business will face a cyber threat, but when. You have to be prepared to defend against it and recover quickly.

 

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses.