Harrods Latest UK Retailer to Fall Victim to Cyber-Attack in Recent Days
UK retailers are facing mounting cyber threats, and Harrods has become the latest to confirm a cyber incident. Following earlier cyber-attacks involving the Co-operative Group (Co-op) and Marks and Spencer (M&S), luxury retailer Harrods reported attempts to gain unauthorized access to some of its systems on May 1.
In response, Harrods took some of its systems offline as a precautionary step. Despite this, the retailer assured customers that all sites, including its Knightsbridge store, H beauty stores, and airport stores, remain open for shopping and browsing via harrods.com.
A Growing Concern: The Link Between Harrods and Other Retailers
The recent string of cyber incidents has led some to speculate about a potential link between the affected retailers. Toby Lewis, Head of Threat Analysis at cybersecurity firm Darktrace, notes that while details are still scarce, it's essential not to rule out the possibility of a common supplier or technology being breached.
"Either a common supplier or technology used by all three retailers has been breached and used as an entry point to big-name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk," Lewis explained.
The Impact of Ransomware: A Growing Concern
Ransomware groups are increasingly targeting companies, exploiting vulnerabilities in networks. Jake Moore, Global Cybersecurity Advisor at ESET, notes that similar companies in the same sector often become secondary targets after a huge cyber-attack.
"If multiple organizations have the same vulnerability within their networks that can be exploited by ransomware groups, it's likely that they will be targeted," Moore warned. "The recent M&S incident has already demonstrated how quickly and extensively these attacks can spread."
The Scattered Spider Group: A Possible Culprit Behind M&S Incident
Media reports have linked the M&S incident to the hacking group Scattered Spider, which has deployed the DragonForce encryptor. This group has already targeted several prominent brands in 2025, including Louis Vuitton, Nike, and Vodafone.
"The DragonForce tool can simply be purchased on the dark web in the Ransomware-as-a-Service (RaaS) ecosystem," explained ESET's Moore. "Attacks involving this ransomware most commonly start by targeting known vulnerabilities, such as attacking systems that have not been kept up to date with the latest security patches."
A Call for Vigilance: The NCSC Warns of Potential Threats
Richard Horne, CEO of the National Cyber Security Centre (NCSC), issued a statement on May 1, urging organizations to take action. "The disruption caused by recent incidents impacting the retail sector are naturally a cause for concern... These incidents should act as a wake-up call to all organizations," Horne said.
"I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively," Horne concluded.