Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Major UK luxury department store Harrods has become the third British retailer to have suffered a cyber attack in the last two weeks, closely following Marks & Spencer (M&S) and Co-op.
In a statement seen by CyberNews, Harrods disclosed that it had suffered a cyber attack, having “recently experienced attempts to gain unauthorised access to some of our systems”.
“Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today,” said Harrods.
Like both M&S and Co-op, Harrods has not advised customers to do anything different at this stage. Additionally, it said that “all sites, including our Knightsbridge store, H beauty stores and airport stores, remain open to welcome customers”, as well as the Harrods website for online shopping.
Just days ago, Co-op Group disclosed a similar cyber attack, saying that it had detected unauthorised users attempting to access its systems.
“We have recently experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back-office and call centre services,” said a company spokesperson.
Prior to this, M&S suffered a cyber attack, resulting in a number of its systems being disabled.
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business, and we are sorry for any inconvenience experienced,” the retailer said last month.
The group initially disabled its payment and click-and-collect systems, before then disabling all online sales through its app and website.
“As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps,” the company said.
While no threat actor has claimed responsibility for any of the attacks, M&S engaged Microsoft, CrowdStrike, and Fenix24 for an investigation into the breach, which has so far concluded that Scattered Spider was behind the incident.
Scattered Spider, or Octo Tempest as Microsoft calls them, is a hacking group largely made of teenagers and young adults believed to be based in the UK and the US.
Threat actors reportedly gained initial access in February when they exfiltrated the Windows domain’s NTDS.dit file, allowing them to gain access to credentials and move laterally throughout the retailer’s systems.
Additionally, BleepingComputer was told that the threat actors encrypted virtual machines on 24 April after deploying the DragonForce ransomware on VMware ESXi hosts.
Be the first to hear the latest developments in the cyber industry.
