In September 2025, Harrods, the iconic London luxury department store, disclosed that a third-party vendor had been compromised, exposing contact details for online customers. Exposed information included customer names and contact details. Harrods notified affected customers and the ICO. This occurred shortly after the spring 2025 wave of UK retail cyberattacks affecting Marks & Spencer (April 2025), Co-op (April 2025), and others — though Harrods’ incident was attributed to a different vector (third-party vendor compromise rather than direct ransomware attack).