Harvey Nichols, a luxury British department store chain known for offering high-end fashion, beauty, food, and home products, suffered a cyberattack in which crooks stole sensitive user data. The company confirmed the news in data breach notification letters it recently started mailing to affected customers.
In the email, the company said that it lost people’s names, postal addresses, phone numbers, company names, and email addresses. It described the information stolen as “non-sensitive” despite the fact that it can be used in dangerous phishing attacks that can result with wire fraud, ransomware attacks, and more.
Luckily, payment information and login credentials were not exposed.
Missing key details
Besides the data breach notification letters, the company is tight-lipped about the breach. It said nothing about it on its website, or social media accounts. On X, it advises victims to reach out via email for further assistance. Therefore, we don’t know who the attackers are, when the attack happened, how they breached the network, or if they used any malware or ransomware in their attack. We also don’t know how long the crooks dwelled on the target infrastructure, how they were spotted, or if they reached out to the company with any ransom demands. TechRadar Pro have reached out to the company with these questions and will update the article if we hear back.
Harvey Nichols did say that the hole which allowed the crooks to wiggle their way in has been closed since the intrusion was first observed. “The issue that allowed the attack to succeed has now been closed so our system is once again fully secure, and we have engaged experts to ensure it remains so,” it said. It also claims it saw no evidence of data misuse, just yet.
“Please remain vigilant if you receive any suspicious emails or calls claiming to be from Harvey Nichols,” the company concluded. The Information Commissioner’s Office and the Data Protection Commission in Ireland have both been notified about the breach.
Via The Register