Hackers strike Harrods in latest UK cyberattack

The department store said “names and contact details” were taken from an unnamed third-party system Harrods uses for online shopping. The breach did not extend to passwords or payment cards, it said.

In July, four people including a 17-year-old boy were arrested on suspicion of being involved in cyberattacks on Harrods, the Co-op, and Marks and Spencer, and were bailed pending further inquiries.

Reports of cyberattacks have been increasing in recent months. Last week, hackers stole names, addresses and pictures of about 8,000 children from Kido, a nursery chain, and published some on the dark net. Parents reportedly received phone calls from people claiming to be linked to the hack in an apparent blackmail attempt.

Thousands of passengers at Heathrow and other European airports were delayed last week after a ransomware attack on Collins Aerospace. A man in his 40s was arrested in West Sussex last week, the National Crime Agency said, although it was continuing to investigate.

Meanwhile, Jaguar Land Rover’s production lines remain idle after a cyberattack in August, and may not restart until November. LNER and Qantas have also suffered disruption from attacks this year, and last year the NHS postponed 11,000 appointments and procedures due to a ransomware attack.

Growing awareness of the frailties of the UK’s cybersecurity capabilities may undermine the prime minister’s desire to introduce digital ID cards in an attempt to control illegal working.

Yesterday, more than 1.6 million people had signed a parliamentary petition demanding that the government scrap plans for a digital ID. Professor Alan Woodward, a computer scientist at the University of Surrey, said an ID card database would present a huge target for hackers.

Although cyberattacks have become more high profile, there is little reliable data on how many attacks take place in the UK each year. Hackers are drawn from a mix of organised criminal gangs, those sponsored by state actors including Russia and China, and hacktivists with a political agenda, according to a report by the Royal United Services Institute (Rusi).

A government survey found that half of businesses reported some form of a security breach in the previous 12 months.

A new cybersecurity and ­resilience bill will make it mandatory to report more incidents. The bill’s slow progress is frustrating security experts, according to Jamie MacColl, a senior research fellow at Rusi. However, ministers have been reluctant to impose more regulation on businesses, but having “major cybersecurity incidents is not good for economic growth,” he said.

Further reading: Cyberattacks on JLR piles pressure on the government 

Photograph by Andy Hall for The Observer