London: Harrods has confirmed that some of its customers’ personal information has been compromised following a data breach at a third-party service provider. The luxury retailer said the incident did not affect its internal systems and stressed that payment and password details remain secure.

According to Harrods, the data accessed included basic identifiers such as names and contact information. The breach was traced to a partner company that supports elements of Harrods’ online operations. The provider has since isolated and contained the issue.

Customers whose data may have been affected have been notified, and Harrods has reported the incident to regulatory authorities. The retailer emphasized that this incident is separate from a previous attempt earlier this year that forced temporary restrictions on its digital services.

The breach comes amid growing concerns about cyberattacks targeting major retailers and luxury brands. In recent months, Marks & Spencer, the Co-op, and French luxury group Kering have all reported customer data being exposed in similar incidents. UK police arrested four individuals earlier this year in connection with cyberattacks on Harrods and other retailers.

While Harrods maintains that sensitive financial information was not accessed, cybersecurity experts warn that stolen contact details can still be exploited in phishing schemes and social engineering attacks. Regulators, including the UK’s Information Commissioner’s Office, are expected to review the case to determine whether stronger data protection measures should be enforced.

The incident underscores the growing vulnerabilities posed by reliance on third-party providers in the retail industry and highlights the increasing sophistication of cyber threats facing global luxury brands.