Luxury retailer Harrods has become the third major U.K. retailer to face suspected cyberattack this week
London — Luxury department store Harrods became the latest high-profile British retailer to fall victim to a suspected cyberattack on Thursday, with customers reporting widespread payment system failures throughout the afternoon.
The iconic Knightsbridge store, a symbol of British luxury retail, confirmed that it was experiencing “technical difficulties” after numerous shoppers found themselves unable to complete purchases in various departments. The incident follows similar cyberattacks on major U.K. retailers Marks & Spencer and the Co-op Group earlier this week, raising concerns about a coordinated campaign targeting Britain’s retail sector.
Customers at the landmark store reported issues beginning around 2 PM on Thursday, with payment terminals displaying error messages and staff unable to process transactions.
By late afternoon, Harrods had implemented emergency measures, with some departments reverting to manual payment processing where possible.
“I was trying to purchase items in the food hall when the system simply stopped working,” said Emma Lawrence, a regular Harrods customer.
“The staff were apologetic but couldn’t do anything. They said their entire network was experiencing problems.”
A Harrods spokesperson confirmed the disruption in a statement: “We are currently experiencing technical issues across some of our systems. Our teams are working urgently to resolve these issues and minimize disruption to our customers. We apologize for any inconvenience caused and appreciate our customers’ patience during this time.”
While Harrods has not officially confirmed a cyberattack, cybersecurity experts believe the incident bears hallmarks of the same sophisticated attack that affected Marks & Spencer on Tuesday and the Co-op Group on Wednesday.
Professor Alan Woodward, cybersecurity expert at the University of Surrey, told reporters: “The timing and nature of these incidents strongly suggest a coordinated campaign. These are sophisticated attacks targeting payment infrastructure, likely aimed at either data theft or simply causing disruption to major British institutions.”
The National Cyber Security Centre (NCSC) released a statement confirming they are “working with Harrods and other affected retailers to fully understand the nature of these incidents and provide appropriate support.” The agency also urged other retailers to review their security protocols and implement recommended safeguards.
Retail industry analysts suggest the timing of these attacks, coming during a period of increased consumer spending ahead of the summer season, is particularly damaging for the affected businesses.
Harrods, which attracts approximately 15 million visitors annually and generates over
£2 billion in revenue, faces significant financial impact from even a short-term disruption.
“Each hour of downtime for a retailer of Harrods’ scale represents substantial lost revenue,” explained Maria Jenkins, retail analyst at Deloitte. “Beyond the immediate financial impact, there’s the question of consumer confidence and potential data breaches that could have long-term consequences.”
The incidents come amid a growing trend of cyberattacks targeting U.K. businesses.
According to recent data from the Department for Science, Innovation and Technology, 46% of U.K. businesses reported having experienced cybersecurity breaches or attacks in the past 12 months, with the retail sector seeing a particular increase.
Security sources speaking on condition of anonymity suggested the attackers may be using advanced ransomware techniques, potentially holding systems hostage until payment is made. However, there has been no public confirmation of ransom demands from any of the affected retailers.
By Thursday evening, Harrods acknowledged that some systems remained offline but assured customers that their teams were “working around the clock” to restore normal operations. The store remained open with limited functionality, though many customers were observed leaving without completing their intended purchases.
The Metropolitan Police confirmed they are working with the National Crime Agency‘s cybercrime unit to investigate the incident, though they declined to provide specific details about the ongoing investigation.
Cybersecurity experts are advising consumers who have recently shopped at any of the affected retailers to monitor their bank statements carefully for suspicious activity and consider changing passwords for any accounts linked to these retailers.
As businesses increasingly rely on digital infrastructure, these incidents serve as a stark reminder of the vulnerabilities within the retail sector and the growing sophistication of cybercriminals targeting high-profile British institutions.
Harrods Hit by Cyberattack, Customers Unable to Complete Purchases (May 1, 2025)
