North Face and Cartier Hit by Cyber Attacks as Wave of Retail Breaches Grows
Fashion and luxury retail giants The North Face and Cartier have confirmed that customer data was stolen in recent cyber attacks, marking the latest in a growing list of high-profile retailers targeted by hackers.
In emails sent to affected customers, The North Face said it detected what it described as a “small-scale” cyber attack in April. Meanwhile, Cartier reported that an “unauthorised party” had briefly gained access to its systems, compromising some client information.
Both companies assured customers that financial data, including payment details and passwords, were not accessed. However, names, email addresses, and in some cases, shipping details and purchase histories were exposed.
The North Face explained that the breach was the result of a method known as “credential stuffing” – a tactic where attackers use login details leaked in other data breaches to access user accounts, banking on the likelihood that people reuse the same passwords across different platforms. Customers affected by the breach have been advised to change their passwords immediately.
This is not the first cybersecurity challenge for VF Corporation, the parent company of The North Face. In December 2023, it suffered another breach impacting its Vans brand, with similar concerns over customer data being compromised.
Cartier, in its notification to clients, confirmed that only a limited amount of personal information was accessed. The jewellery house said it had swiftly contained the breach and strengthened its security systems. It also reported the incident to the appropriate authorities.
These incidents come amid a spate of cyber attacks on major retailers. In recent weeks, Adidas, Victoria’s Secret, Harrods, Marks & Spencer (M&S), and the Co-op have all reported significant disruptions. The Co-op’s breach left some stores with empty shelves, while M&S anticipates a £300 million hit to its profits due to prolonged online service disruptions expected to last until July.
The UK’s National Crime Agency has said investigating these attacks is a top priority.
Cybersecurity experts say retail companies remain highly attractive targets due to the vast amounts of customer data they store. James Hadley, founder of cybersecurity firm Immersive, described the threat as a “harsh reality” for the sector. He warned that cybercriminals often aim to collect seemingly minor personal data, which can later be used for more sophisticated fraud.
“This is a long game,” Hadley said. “Retailers are overflowing with customer information, and attackers are more than willing to exploit that.”
