The British department store Harvey Nichols has warned customers that their personal data may have been breached in a recent cyber attack. 

In a letter to customers sent out this week, the high-end store told customers that their name, company phone number and home addresses may have been exposed during the incident.

It assured customers that highly sensitive information – such as passwords and financial information – had not been exposed in the hack. But the investigation is still ongoing.

"The issue that allowed the attack to succeed has now been closed so our system is once again fully secure, and we have engaged experts to ensure it remains so," the retailer said in its letter to customers.

"Your personal data was exposed, so while we are not aware that it has been misused in any way, there remains a possibility that your data could be used to scam you," the letter adds. 

No financial data breached

Harvey Nichols said it became aware of the breach on September 16, but didn't reveal when the attackers first gained access to the network.

"While no financial or password data has been exposed, you should be vigilant to the risk of fraudsters using your contact details (e.g. phone, email address) to attempt to get more sensitive information from you," the retailer continued.

"We have taken immediate steps to secure all data (supported by a cybersecurity expert) to ensure that our processes and systems remain as secure as possible going forward."

"We are very sorry for the inconvenience caused on this occasion. But rest assured, we take our customers' data extremely seriously."

The letter adds that the retailer's website and loyalty app are put through "complete 360 tests" once annually or before any major changes to either platform. 

Harvey Nichols contracts different third-party companies to run weekly and monthly security scans to validate its partners' development pipelines.

Cyber attacks on the retail sector

The cyber attack on Harvey Nichols is just the latest incident where hackers have targeted a high-end retail giant. 

In March, the billion-dollar boat seller MarineMax was also hit by an attack, which saw hackers steal confidential information including personal and financial data belonging to customers.

Suzan Sakarya, Senior Manager, EMEIA Security Strategy at Jamf, told EM360Tech that the luxury retail sector was an attractive target for cybercriminals. 

“As Harvey Nichols is a high-end luxury fashion retailer, and given the profile of its customers, it is naturally more attractive to criminals.”

“The theft of personal information can be extremely damaging for organisations, resulting in reputational harm, financial losses, and legal issues. Harvey Nichols' customers should remain vigilant for fraud or unsolicited contact and be wary of phishing attacks.”

“Whilst it hasn’t been confirmed how the attack occurred, the statement sent to affected customers suggests a potential vulnerability. Ultimately, it highlights the importance of organisations addressing the basics.”