Fashion & Luxury Brands Become Latest Cyber Attack Targets
Leading outdoor brand The North Face and luxury jeweller Cartier have joined a growing list of high-profile retailers reporting recent cyber attacks that resulted in the theft of customer data. While both companies confirmed that financial information was not accessed, the incidents highlight the ongoing vulnerability of the retail sector and the sophisticated methods employed by cybercriminals.
The North Face Breach: Credential Stuffing Explained
The North Face informed some customers via email that it discovered a “small-scale” attack on its website in April, detected after noticing “unusual activity.” The company identified the method used as “credential stuffing.”
This technique involves attackers using automated tools to try username and password combinations previously stolen from other data breaches. Attackers leverage the common practice of customers reusing the same login credentials across multiple online accounts. By successfully gaining access to customer accounts this way, attackers were able to view certain details.
The data potentially accessed included customer names and email addresses, and possibly more specific information such as:
Products purchased
Shipping addresses
Customer preferences
Dates of birth
Telephone numbers
Crucially, The North Face reiterated that payment card information and sensitive financial details were not compromised in this incident. Affected customers have been strongly advised to change their passwords immediately, especially if they used the same password on other websites. This isn’t the first such incident for The North Face’s parent company, VF Corporation, which also saw another brand, Vans, affected by a separate cyber attack in December 2023.
Cartier’s Security Incident
Luxury jeweller Cartier, part of the Richemont group, also reported a data breach. The company stated that “an unauthorized party gained temporary access to our system and obtained limited client information.”
According to emails sent to customers, the information accessed included customer names, email addresses, and the country where they reside. Like The North Face, Cartier confirmed that sensitive data such as passwords and card details were not accessed during the incident.
Cartier stated that it has since “contained the issue and have further enhanced the protection of our systems and data,” and has reported the incident to the relevant authorities. Due to the nature of the data potentially compromised, Cartier advised its customers to “remain alert for any unsolicited communications or any other suspicious correspondence.”
A Broader Trend: Retailers Under Fire
These attacks on The North Face and Cartier are not isolated events but are part of a significant wave of cyber incidents impacting the retail sector in recent weeks and months. Other major brands recently targeted include:
Adidas
Victoria’s Secret
Harrods
Marks and Spencer (M&S)
The Co-op
The impact on some of these retailers has been severe, extending beyond data theft to cause significant operational disruption. Marks & Spencer, for example, halted all online orders since April due to a cyber incident and anticipates disruptions until July, estimating a potential £300 million reduction in current year profits as a result. The Co-op reportedly faced empty shelves following its own attack in April. Adidas reported stolen help desk details in May, while Victoria’s Secret had to temporarily take down its US website after a security incident the same month.
Why Retailers Are Prime Targets
Cybersecurity experts point out that the retail industry is a frequent and attractive target for attackers. As James Hadley, founder of cybersecurity company Immersive, notes, this is a “harsh reality” for the industry because retailers are “overflowing with customer information,” making them “easy targets for attackers.”
While financial data is a primary target, even seemingly less sensitive information like names, emails, purchase history, and demographics is valuable to cybercriminals. This data can be used to enrich existing datasets, enabling more sophisticated attacks such as targeted phishing campaigns, impersonation scams, or even identity theft over time. As experts warn, cybercriminals are “often content to play the long game” using compromised data. The personal data of high-net-worth individuals, often customers of luxury brands like Cartier, can be particularly valuable for malicious activities such as blackmail.
Beyond customer data, breaches also pose risks to a company’s internal operations, potentially exposing sensitive documents like financial records or supply chain details. However, the most significant and lasting impact of such incidents is often the potential for severe reputational damage to the affected brands.
Expert Insights & Moving Forward
Given the increasing frequency and sophistication of attacks, cybersecurity experts emphasize the need for preparedness over panic. Ade Clewlow MBE, associate director at NCC Group, advises businesses to “double-down on proactive cyber security strategies,” stating that prevention is the “only viable defense” in the current landscape. The UK’s National Crime Agency has highlighted catching the criminals responsible for these retail sector attacks as a top priority.
For consumers, these incidents serve as a crucial reminder to practice good cyber hygiene, including using strong, unique passwords for different online accounts and being vigilant about unsolicited communications.
References
- https://www.bbc.com/news/articles/c39x3jpv8lyo
- https://www.bbc.co.uk/news/articles/c39x3jpv8lyo
- https://uk.finance.yahoo.com/news/north-face-cartier-customer-data-155035111.html
- https://pa.media/blogs/pa-editors-picks/north-face-and-cartier-customer-data-stolen-in-cyber-attacks/
- https://www.mytotalretail.com/article/the-north-face-and-cartier-report-cyber-attacks/