The high-end British retailer Harvey Nichols has informed customers that some of their data was exposed in a recent cyberattack.
In a statement seen by Intelligent CISO, Harvey Nichols stated it became aware of the breach on September 16, but did not disclose when the attackers first gained access to the network.
“Upon discovering it, we took immediate action to ensure no further data was compromised,” the statement said.
“The breach was due to a cyberattack. The issue that allowed the attack to succeed has now been closed so our system is once again fully secure, and we have engaged experts to ensure it remains so.”
Suzan Sakarya, Senior Manager, EMEIA Security Strategy at Jamf, said: “Due to the volume of personal data held, the retail sector is an exceptionally popular target for cybercriminals. As Harvey Nichols is a high-end luxury fashion retailer, and given the profile of its customers, it is naturally more attractive to criminals.
“The theft of personal information can be extremely damaging for organisations, resulting in reputational harm, financial losses and legal issues. Harvey Nichols’ customers should remain vigilant for fraud or unsolicited contact and be wary of phishing attacks.
“Whilst it hasn’t been confirmed how the attack occurred, the statement sent to affected customers suggests a potential vulnerability. Ultimately, it highlights the importance of organisations addressing the basics.
“This serves as a case in point for other businesses, emphasising why it is critical to have effective patch management processes and conduct regular audits, so vulnerabilities can be quickly identified and addressed. It should also be accompanied by other practices such as enforcing multi-factor authentication, using secure passwords or password management software, and ensuring users are aware of security risks.”
Intelligent CISO has approached Harvey Nichols for comment.