Harrods, the famous London department store, recently fell victim to a cyber attack, making it the latest UK retailer in a string of attacks that includes Marks and Spencer and Co-op.
Sky News first reported the incident, revealing that customers faced issues making payments. A Harrods spokesperson confirmed this, explaining they detected unauthorized access attempts and acted quickly to secure their systems. To protect customer data, they limited internet access at their locations. However, all their stores, including the Knightsbridge and airport outlets, remain open, and shopping on their website continues without interruption. They assured customers that no special actions were needed on their part and promised to keep everyone informed.
Details about the Harrods attack are still scarce. This incident comes just days after Co-op revealed it was dealing with a similar cyber threat. In addition, M&S had to pause several online services due to an earlier attack. This has sparked speculation that the three incidents could be connected, likely through a shared third-party retail services partner in a supply chain attack.
Recently, reports indicated that the M&S attack might involve Scattered Spider, a known cybercrime group. They reportedly used a ransomware called DragonForce, targeting vulnerabilities in M&S’s systems. This tactic matches Scattered Spider’s past behavior, where they’ve extorted high-profile victims, including casinos.
Experts like Tim Grieveson from ThingsRecon warned that there seems to be a common thread linking these retailers, emphasizing that these attacks shouldn’t be dismissed as isolated events. Toby Lewis from Darktrace noted that either a shared supplier or a breach in common technology could be at play, highlighting the challenges large organizations face in securing their supply chains amid increasing threats.
Jake Moore, a cyber security advisor at ESET, pointed out another possibility. Even if different attackers were behind these incidents, it’s common for hackers to target similar businesses in quick succession. Ransomware like DragonForce is often sold on the dark web, making it accessible for various threat actors looking to exploit vulnerabilities in similar companies. Moore noted that businesses must stay vigilant and ensure their systems are up-to-date to thwart such attacks effectively.