British department store Harvey Nichols is reportedly the victim of a cyberattack in which criminals stole user’s "non-sensitive" information. According to Zywave, Harvey Nichols confirmed the data breach in a notification it emailed to customers.
The company said that it “lost people’s names, postal addresses, phone numbers, company names, and email addresses. It described the information stolen as “non-sensitive” even though it can be used in dangerous phishing attacks that can result with wire fraud, ransomware attacks, and more. Luckily, payment information and login credentials were not exposed.”
Zywave also reported that: “Besides the data breach notification letters, the company is tight-lipped about the breach. It said nothing about it on its website, or social media accounts. On X (formerly known as Twitter), it advises victims to reach out via email for further assistance. Therefore, we don’t know who the attackers are, when the attack happened, how they breached the network, or if they used any malware or ransomware in their attack. We also don’t know how long the crooks dwelled on the target infrastructure, how they were spotted, or if they reached out to the company with any ransom demands.”
The report also notes that: “TechRadar Pro have reached out to the company with these questions and will update the article if we hear back.”
Harvey Nichols revealed that the vulnerability which allowed the hackers into their systems has been closed since the discovery of the breach. “The issue that allowed the attack to succeed has now been closed so our system is once again fully secure, and we have engaged experts to ensure it remains so,” Harvey Nichols stated, further claiming that it had witnessed no evidence of data misuse, at the time of writing.
“Please remain vigilant if you receive any suspicious emails or calls claiming to be from Harvey Nichols,” the company concluded.
Related Articles
Reinsurance
Reinsurance
Reinsurance