Summarize and analyze this article with:

Date of Incident:
2024

Overview:

In 2024, Harrods experienced a data breach due to a third-party supplier vulnerability, affecting 430,000 customer records with names, contact details, and marketing information exposed. The breach, which became public in September 2025, did not compromise passwords, payment details, or order histories. Attackers used exploitation techniques like SQL Injection to gain unauthorized access and attempted extortion. This incident highlights the importance of securing third-party systems in the retail sector.

>>Outpace Attackers With AI-Based Automated Penetration Testing

Impact:

430,000 customer records including names, contact details, marketing labels, and co-branded card affiliation leaked. No passwords, payment info, or order histories exposed. Threat actor attempted extortion.

Details:

The breach involved exploitation of a third-party supplier system integrated with Harrods, allowing unauthorized access to a customer database. The attacker executed MITRE ATT&CK tactics including Initial Access (T1190 – Exploit Public-Facing Application) and Collection (T1114 – Email Collection). PoC code demonstrated SQL Injection and HTTP request manipulation to extract customer data. IOCs include suspicious IP addresses linked to the extortion attempt, specific hash values of malicious payloads, and DNS queries to command and control servers. Relevant logs show anomalous access times and file access patterns in supplier backend logs.

Remediation:

The vendor issued patches closing the exploited vulnerabilities and recommending immediate update of supplier software components. Temporary mitigations include enhanced network segmentation, disabling unused services, increased logging and alerting on unauthorized data access, and forced password resets of integrated accounts. Known workarounds involve isolating the supplier integration until patches are applied.

Takeaway for CISO:

This breach highlights risks posed by third-party suppliers to customer data integrity. CISOs should prioritize rigorous third-party risk assessments, enforce zero-trust principles for supplier access, and establish rapid incident response protocols for external integrations to mitigate similar data leaks and extortion risks.