Outdoor clothing company North Face and luxury jeweler Cartier are the latest retailers to be hit by cyber attacks following a spate of incidents across the industry.
Cartier hasn't specified when the attack took place, but told customers that it had contained the issue and ramped up protection of its systems and data. The luxury retailer has informed relevant authorities and said it is working with external cybersecurity experts.
North Face, meanwhile, said it discovered unusual activity on 23rd April and immediately took steps to contain the incident.
"Following a careful and prompt investigation, we concluded that an attacker had launched a small-scale credential stuffing attack against our Website on April 23, 2025," it wrote to customers.
"Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple websites."
The attackers had previously gained access to affected users' email addresses and passwords from another source, it said. These same credentials were then used to access their North Face accounts.
Both firms have confirmed that customer data has been stolen, but not financial information.
"We determined that this incident may have affected some of your information, specifically your name, e-mail and country," Cartier wrote to customers. "The affected information did not include any passwords, credit cards or other financial information."
North Face revealed data stolen by threat actors included products purchased via the company's website, shipping addresses, preferences, email addresses and names, along with dates of birth and telephone numbers - providing they had been saved to a customer account.
Retail cyber attack fallout continues
Mike Britton, CIO at Abnormal AI, warned that even when financial data or passwords aren’t exposed, breaches such as Cartier's still carry a significant risk.
"Customer information remains a valuable asset for attackers to craft convincing phishing emails and impersonation attempts designed to deceive customers," he said.
Britton emphasized that threats don’t necessarily end with the initial breach, adding that customer vigilance is vital.
“Attackers often wait and strike later, when defenses may be more relaxed,” he said.
These incidents are just the latest in a series of cyber attacks on retailers around the world.
Adidas, Victoria's Secret, and Harrods have all been hit in recent weeks while supermarket chains such as M&S and the Co-op experienced significant disruption following attacks in April.
James Hadley, founder and chief innovation officer (CIO) at Immersive, said the spate of attacks show a “harsh reality is dawning” for the retail sector, which has long been a prime target for threat actors.
“While many have security measures in place, a lack of recovery plans and inadequate incident response means retailers remain perpetually vulnerable,” he said.
"Retailers, overflowing with customer information, have become easy targets for attackers and the consequences are substantial. Attackers already knew the retail sector had weak defences; however, the recent string of breaches will have emboldened them further."
MORE FROM ITPRO
-
Keepit appoints new vice president for the UK and IrelandNews Former Veeam executive Dan Middleton will lead Keepit’s UKI business into its next phase of growth
-
Confused at all the threat group names? You’re not alone. CrowdStrike and Microsoft want to change thatNews CrowdStrike and Microsoft hope to "bring clarity and coordination" to the cyber industry by unifying threat group naming conventions.
