Date of Incident:
2024
Overview:
In 2024, Harrods suffered a data breach through a third-party supplier's systems, exposing about 430,000 customer records containing names, contact details and marketing information. The breach became public in September 2025. Passwords, payment details and order histories were not compromised. After the theft, the threat actor attempted to extort Harrods. Harrods attributed the breach to a compromise of a third-party provider's systems; the specific flaw has not been detailed publicly, and this writeup maps the initial access to web-application exploitation such as SQL injection against the supplier integration. The incident underlines the need to secure third-party systems that hold retail customer data, not only the retailer's own estate.
Impact:
About 430,000 customer records were leaked, each containing a name, contact details, marketing labels and any co-branded card affiliation. No passwords, payment information or order histories were exposed. The threat actor attempted extortion after obtaining the data.
Details:
The attacker reached a customer database through a third-party supplier system integrated with Harrods. In MITRE ATT&CK terms, initial access maps to T1190 (Exploit Public-Facing Application). The collection step is better described as T1213 (Data from Information Repositories) than T1114 (Email Collection): T1114 covers harvesting mail from mailboxes and mail servers, whereas here customer records were read out of a database. The exploitation described is SQL injection and manipulated HTTP requests against the supplier integration to extract customer rows. Indicator categories worth collecting are source IP addresses tied to the extortion contact, hashes of any payloads recovered, and DNS queries to command-and-control infrastructure; no concrete values have been published. In the supplier's backend logs the telltale signs are access at anomalous times and bulk reads of customer data, as opposed to the small per-request lookups an integration normally performs.
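As an added example of the SQL injection pattern the Details describe (this is illustration code written for this page, not code from Harrods, the supplier or FireCompass; the table, records and lookup functions are assumed for the demonstration), the block below builds a small in-memory customer table and runs the same injected value through a lookup that splices user input into the query and through one that binds it as a parameter. The first returns every row, which is exactly the bulk-extraction outcome a supplier integration must never allow; the second returns nothing.

```python
import sqlite3

# Constructed sample customer table standing in for the supplier-side
# database; every name and address here is invented for this example.
SAMPLE_CUSTOMERS = [
    (1, "Alice Example", "alice@example.com", "rewards_gold"),
    (2, "Bob Example", "bob@example.com", "newsletter"),
    (3, "Carol Example", "carol@example.com", "none"),
]

# A classic tautology payload: closes the string literal, then makes the
# WHERE clause true for every row.
INJECTION_PAYLOAD = "x' OR '1'='1"


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, name TEXT, email TEXT, marketing_label TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Vulnerable lookup: the caller-supplied value is spliced into the SQL text.

    With INJECTION_PAYLOAD the statement becomes
        ... WHERE email = 'x' OR '1'='1'
    and the single-row lookup turns into a dump of the whole table.
    """
    sql = (
        "SELECT id, name, email, marketing_label FROM customers "
        f"WHERE email = '{email}'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """Hardened lookup: the value is bound as a parameter.

    The database receives the payload as data, never as SQL, so the same
    string simply fails to match any email address.
    """
    sql = "SELECT id, name, email, marketing_label FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable rows:", len(lookup_vulnerable(conn, INJECTION_PAYLOAD)))      # 3
    print("parameterized rows:", len(lookup_parameterized(conn, INJECTION_PAYLOAD)))  # 0
```

Note that both functions return the same single row for a legitimate address; the hardening costs nothing functionally. Input filtering or a WAF in front of the supplier's endpoint is a secondary control at best, since the query construction itself is the defect.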
Remediation:
The supplier issued patches closing the exploited vulnerabilities and recommended updating the affected software components immediately. Interim mitigations are to tighten network segmentation between the supplier integration and internal systems, disable unused services, log and alert on unauthorized or bulk access to customer data, and reset passwords and rotate any API keys for the integrated accounts. Until the patches are applied, the known workaround is to isolate the supplier integration entirely.
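To make the "log and alert on unauthorized data access" mitigation concrete, and to show what the anomalous access times and bulk read patterns mentioned under Details look like in practice, here is an added detection example (written for this page, not a FireCompass product feature or the supplier's tooling). The log format, the business-hours window, the bulk threshold, the integration account name and the source allow-list are all assumptions for the demonstration; the log lines are constructed and use documentation IP ranges.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed supplier backend log lines (not real Harrods or supplier data).
# Assumed format: ISO-8601 UTC timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-06-13T10:02:11Z account=harrods_integration action=read table=customers rows=1 src=198.51.100.20
2024-06-13T10:05:40Z account=harrods_integration action=read table=customers rows=1 src=198.51.100.20
2024-06-14T02:13:05Z account=harrods_integration action=read table=customers rows=25000 src=203.0.113.7
2024-06-14T02:14:30Z account=harrods_integration action=read table=customers rows=25000 src=203.0.113.7
2024-06-14T02:16:02Z account=harrods_integration action=export table=customers rows=380000 src=203.0.113.7
2024-06-14T09:30:00Z account=ops_admin action=read table=orders rows=12 src=198.51.100.21
"""

# Assumed detection parameters for this example.
BUSINESS_HOURS = range(8, 19)                  # 08:00-18:59 UTC is the supplier's normal window
BULK_ROW_THRESHOLD = 10_000                    # a normal integration call fetches a handful of rows
INTEGRATION_ACCOUNT = "harrods_integration"    # the account the retailer's integration uses
KNOWN_INTEGRATION_SOURCES = {"198.51.100.20"}  # allow-list of source IPs for that account


def parse_line(line: str) -> dict:
    """Parse one log line into a dict with a tz-aware timestamp and an int row count."""
    ts_text, *fields = line.split()
    event = {k: v for k, v in (f.split("=", 1) for f in fields)}
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event["rows"] = int(event.get("rows", 0))
    return event


def detect(log_text: str):
    """Run three rules over accesses to the customers table.

    Returns (alerts, rows_by_account): alerts is a list of
    (timestamp, rule_name, detail) tuples; rows_by_account totals the rows
    read per account so a slow, chunked exfiltration still adds up.
    """
    alerts = []
    rows_by_account = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e.get("table") != "customers":
            continue  # only customer data is in scope for these rules
        rows_by_account[e["account"]] += e["rows"]

        # Rule 1: customer data touched outside the supplier's working hours.
        if e["ts"].hour not in BUSINESS_HOURS:
            alerts.append((e["ts"], "off_hours_access", f"{e['account']} from {e['src']}"))
        # Rule 2: a single call pulling far more rows than a per-request lookup needs.
        if e["rows"] >= BULK_ROW_THRESHOLD:
            alerts.append((e["ts"], "bulk_read", f"{e['action']} {e['rows']} rows by {e['account']}"))
        # Rule 3: the integration account used from a source not on its allow-list.
        if e["account"] == INTEGRATION_ACCOUNT and e["src"] not in KNOWN_INTEGRATION_SOURCES:
            alerts.append((e["ts"], "unexpected_source", f"{e['account']} from {e['src']}"))
    return alerts, dict(rows_by_account)


if __name__ == "__main__":
    found, totals = detect(SAMPLE_LOG)
    for ts, rule, detail in found:
        print(ts.isoformat(), rule, detail)
    print("rows read per account:", totals)
```

The two daytime single-row lookups from the allow-listed source raise nothing, while the three 02:1x calls from an unknown address trip all three rules. The per-account row total is the figure to watch on a dashboard: an integration that normally reads one row at a time and suddenly accounts for hundreds of thousands is the signature of the extraction this incident involved, whether or not each individual call crosses the bulk threshold.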
Takeaway for CISO:
This breach shows how a third-party supplier can compromise the confidentiality of customer data that the retailer itself protects adequately. CISOs should prioritize rigorous third-party risk assessments, enforce zero-trust principles for supplier access (least privilege, per-integration credentials, network isolation), and establish incident response procedures that cover external integrations, so that similar leaks and the extortion attempts that follow them can be contained quickly.
Outpace Attackers With AI-Based Automated Penetration Testing With FireCompass:
FireCompass is a single platform for AI-powered Continuous Automated Red Teaming (CART), penetration testing and next-generation attack surface management.