
Harrods Confirms Data Breach Exposing 430,000 Customer Records

 

Luxury retailer Harrods has confirmed a new data breach that exposed the personal details of around 430,000 e-commerce customers after hackers compromised one of its third-party suppliers. 

The company clarified that this incident is separate from the cyberattack it faced in May, which was attributed to the hacker group Scattered Spider. 

In a statement to the press, Harrods said it informed affected customers on Friday that their personal details, including names and contact information, were accessed following a breach at a third-party provider. 

The retailer did not disclose the name of the compromised vendor but said it has taken immediate steps to contain the situation and alert authorities. The company reassured customers that the leaked data does not include passwords, payment details, or purchase histories. 

However, some customer records contained internal tags and marketing labels used by Harrods for service management. These labels may reference customer tier levels or affiliations with Harrods’ co-branded credit cards, though the company said such information would be difficult for unauthorised parties to interpret accurately. 

Cybersecurity experts have linked the breach to a wider supply chain attack that affected multiple companies globally over the summer. The incident, believed to involve the Salesloft platform, saw hackers use stolen OAuth tokens to access Salesforce systems and extract customer data. 

Harrods also confirmed that the threat actor behind the latest breach had reached out to the company directly, apparently seeking extortion. 

The retailer stated it would not engage in any communication or negotiation with the attacker. Authorities and cybersecurity professionals have been notified, and Harrods said it continues to work closely with them to ensure customer protection and prevent future incidents. 

The company has also advised customers to remain alert to phishing attempts and avoid clicking on links or sharing information with unknown sources. 

Despite the breach, Harrods’ online services remain operational. The company said it remains committed to maintaining the trust of its customers and strengthening its digital security systems to safeguard sensitive information.

Hackers Are Fooling IT Help Desks — Here’s How You Can Stay Protected

 


IT support teams, also known as service desks, are usually the first people we call when something goes wrong with our computers or accounts. They’re there to help fix issues, unlock accounts, and reset passwords. But this helpfulness is now being used against them.

Cybercriminals are targeting these service desks by pretending to be trusted employees or partners. They call in with fake stories, hoping to trick support staff into giving them access to systems. This method, called social engineering, relies on human trust — not hacking tools.


Recent Examples of These Attacks

In the past few months, several well-known companies have been hit by this kind of trickery:

1. Marks & Spencer: Attackers got the IT team to reset passwords, which gave them access to personal data. Their website and online services were down for weeks.

2. Co-Op Group: The support team was misled into giving system access. As a result, customer details and staff logins were stolen, and some store shelves went empty.

3. Harrods: Hackers tried a similar trick but were caught in time before they could cause any damage.

4. Dior: An unknown group accessed customer information like names and shopping history. Thankfully, no payment details were leaked.

5. MGM Resorts (2023): Hackers phoned the help desk, pretending to be someone from the company. They convinced the team to turn off extra security on an account, which led to a major cyberattack.


Why Hackers Target Support Desks

It’s often much easier to fool a person than to break into a computer system. Help desk workers are trained to respond quickly and kindly, especially when someone seems stressed or claims they need urgent access.

Hackers take advantage of this by pretending to be senior staff or outside vendors, using pressure and believable stories to make support agents act without asking too many questions.


How These Scams Work

• Research: Criminals gather public details about the company and employees.

• Fake Identity: They call the support team, claiming to be locked out of an account.

• Create Urgency: They insist the situation is critical, hoping the agent rushes to help.

• Bypass Security: They make up excuses for not being able to use two-step login and ask for a reset.

• Gain Access: Once the reset is done, they log in and start their attack from the inside.


What Can Be Done to Prevent This

Companies should train their support teams to slow down, ask the right questions, and always verify who they’re talking to — no matter how urgent the request sounds. It’s also smart to use extra security tools that help confirm a person’s identity before giving access.

Adding clear rules and multi-layered checks will make it harder for attackers to slip through, even when they try their best to sound convincing.
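As an added example (not part of the original post), here is one way to turn those rules into a help-desk approval check in Python: only out-of-band factors count, researchable facts never do, a claim of urgency never lowers the bar, and MFA removal is escalated rather than handled by the agent. The factor names, action names and thresholds are assumptions for illustration, not any vendor's policy.

```python
from dataclasses import dataclass, field

# Factors the agent can verify out-of-band (constructed names, an assumption).
STRONG_FACTORS = {
    "callback_to_hr_phone",     # agent hangs up and calls the number on the HR record
    "manager_approval_in_app",  # manager approves from their own authenticated session
    "live_video_id",            # live video match against the ID photo on file
    "in_person_badge",          # caller shows up with a badge
}
# Facts an attacker can collect in the "Research" step; they never count on their own.
WEAK_FACTORS = {"employee_id", "manager_name", "birth_date", "start_date"}

# Minimum number of strong factors per action; privileged accounts need one more.
REQUIRED = {"password_reset": 1, "mfa_reset": 2}


@dataclass
class ResetRequest:
    action: str                  # "password_reset" or "mfa_reset"
    account: str
    privileged: bool             # admin, finance or executive accounts
    urgent: bool                 # caller insists it cannot wait
    factors: set = field(default_factory=set)


def decide(req: ResetRequest) -> tuple[str, str]:
    """Return (decision, reason); decision is approve, deny or escalate."""
    if req.action not in REQUIRED:
        return "deny", f"unknown action {req.action!r}"
    strong = req.factors & STRONG_FACTORS
    needed = REQUIRED[req.action] + (1 if req.privileged else 0)
    # Turning off MFA on a privileged account is never an agent-level decision.
    if req.action == "mfa_reset" and req.privileged:
        return "escalate", "MFA reset on a privileged account goes to the security team"
    # Urgency plus a request to remove MFA is the pattern described above; hand it off.
    if req.action == "mfa_reset" and req.urgent and len(strong) < needed:
        return "escalate", "urgent MFA-removal request without full verification"
    if len(strong) >= needed:
        return "approve", f"{len(strong)} strong factor(s) verified (needed {needed})"
    weak = req.factors & WEAK_FACTORS
    return "deny", (f"{len(strong)} strong factor(s), need {needed}; "
                    f"{len(weak)} weak factor(s) ignored; urgency does not lower the bar")


if __name__ == "__main__":
    # Constructed sample calls, not real cases.
    print(decide(ResetRequest("password_reset", "jdoe", False, True, {"employee_id", "manager_name"})))
    print(decide(ResetRequest("mfa_reset", "cfo", True, True, {"callback_to_hr_phone", "live_video_id", "in_person_badge"})))
```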