"It began notifying affected customers on September 26 that their data was taken during a break-in at one of its suppliers. Harrods said the "third party" supplier has reassured it that the incident was isolated and had been contained. Harrods also confirmed in a statement on Sunday: "We have received communications from the threat actor and will not be engaging with them.""
"The affected data included basic personal details such as names and contact details, but does not include passwords or financial information. It may also include marketing-related data such as Harrods membership tier levels and affiliation to a Harrods co-branded card. However, the lux retailer said it believes this data was unlikely to be interpreted accurately by anyone who can get their hands on it."
Harrods confirmed a break-in at a third-party supplier led to the theft of 430,000 customers' data and began notifying affected customers on September 26. The stolen information included names, contact details, and possibly marketing-related data such as membership tiers and co-branded card affiliation, while passwords and financial information were not taken. Harrods stated its own systems were not targeted, will not engage with the threat actor, and has informed relevant authorities. The incident is separate from an earlier attack linked to the Scattered Spider group.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]