Harrods has become the third major UK retailer in one week to confirm a large-scale cyber incident, following events at Co-op Group and Marks & Spencer that have exposed the sector’s operational fragility in the face of increasingly sophisticated attacks.

In a statement released this week, Harrods said: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.” The retailer emphasised that all store locations – including its Knightsbridge flagship, airport concessions, and H beauty branches – remained open, and that online shopping via harrods.com was also not affected.

The disclosure came as M&S confirmed it had recovered from a cyber attack that severely disrupted online operations for almost a week. The retailer was forced to suspend web orders and restrict remote access, citing the need to “proactively manage” the threat. It has since resumed full digital services. CEO Stuart Machin acknowledged the disruption and thanked customers for their patience, adding that services such as contactless payments were deliberately paused to protect customers and the business.

Co-op, which also confirmed a cyber incident earlier this week, pre-emptively withdrew access to internal systems and closed several business services.

Retailers are attractive targets for attackers, due to the high volume of sensitive customer data and the potential for significant disruption to logistics and fulfilment systems. The interconnected nature of modern retail supply chains means a breach in one area can ripple quickly through others. This week's attacks in particular show that the threat is evolving.

Si West, a director at risk consultancy Resilience, said this week’s events underscore a troubling shift in attacker tactics. “Techniques like SIM swapping and multi-factor authentication bypass, once the preserve of highly skilled actors, are becoming mainstream,” he noted. West stressed that organisations need to move beyond reactive IT defences and embed resilience at an enterprise level – including incident response rehearsals, leadership involvement in risk management, and deeper scrutiny of third-party exposure.

He also pointed to the role of cyber insurance as part of this wider posture. “No policy prevents an attack, but it can significantly reduce the financial and operational fallout,” West said, adding that policyholders who engage proactively are more likely to recover effectively and limit material losses.

With no evidence of a coordinated campaign, speculation remains over whether the three cases are connected. However, the clustering of incidents is drawing attention to potential common exposures, such as shared suppliers, legacy software dependencies and third-party platform vulnerabilities.

Ian Birdsey, a partner at international law firm, Clyde & Co said the recent wave of attacks reveals the potential vulnerability of even the largest corporations, as well as the growing sophistication of cyber criminals.

"Although some of these attacks have been successfully defended by retailers, they can still cause significant operational disruption to the retailer and its customers. The volume and richness of customer data stored by retailers with online operations is often what makes them such viable targets, susceptible to blackmail and ransom where those criminal attacks succeed," he said. "In an increasingly digitised world, businesses are almost completely dependent on internet-enabled systems, from lighting and air conditioning to security surveillance and self-checkouts, plus exposures from third party supply chains, which makes those with physical store fronts just as vulnerable to infiltration by malicious actors looking to disrupt operations. Robust cyber security measures and contingency plans for when disaster strikes, whether it be caused by criminals or because of an accidental system failure, are crucial to maintaining business as usual and protecting against financial losses.”

---