Lauren Wills-Dixon discusses second Harrods cyber attack in Drapers

Head of privacy, Lauren Wills-Dixon, has been featured by leading retail sector publication Drapers on how retailers can protect themselves from third-party data breaches, following the second Harrods cyber attack this year.

A second attack was first reported on 28 September, in which hackers stole data relating to 430,000 customer records. This was unrelated to an initial attack on 1 May.

Harrods stated that no payment details or order history information had been accessed and that the impacted personal data remained limited to basic personal identifiers.

Lauren commented: “This is the second cyber-attack to affect Harrods in six months – this time, it is reported that 430,000 customer records have been stolen.

“Cyber-attacks are now prevalent in the retail sector. Throughout 2025, we have seen multiple security incidents caused by malicious actors take place.

“Clients are advised to always prepare for an attack, as it is not a question of ‘if’ but ‘when.’ Preventative measures should be taken alongside business continuity, disaster recovery and breach plans.”

In the article, Lauren emphasises the importance of cybersecurity and senior-level oversight. She details how retailers, as data ‘controllers,’ must ensure compliance with GDPR by conducting due diligence on IT vendors, maintaining proper contracts, and how to prepare for potential breaches.

You can read Lauren’s comments in Drapers here (subscription required).

Our data privacy lawyers provide specialist, practical and straight-forward advice. Find out more about what they can do for you.