Cartier and North Face become latest retailers hit by cyber attacks

These incidents add to a growing wave of cyber intrusions targeting major retailers, including recent disruptions faced by Marks & Spencer, which continues to grapple with the aftermath of its attack.

The North Face informed some customers via email that it detected a “small-scale” attack in April this year. Similarly, Cartier disclosed that “an unauthorized party gained temporary access to our system.” Both companies have confirmed that customer names and email addresses were stolen, but no financial information was compromised.

The attack on The North Face reportedly involved a “credential stuffing” technique, where cybercriminals use usernames and passwords obtained from other data breaches to gain unauthorized access to accounts where customers have reused the same credentials.

This method may have exposed some users’ shipping addresses and purchase histories. Affected customers have been advised to change their passwords. This isn’t the first time The North Face’s owner, VF Corporation, has been targeted, with its brand Vans also impacted by a separate cyber attack in December 2023.

For Cartier, the breach involved direct access to its system, resulting in “limited client information” being obtained. The luxury brand emphasized that passwords and card details were not accessed, and that it has “contained the issue and further enhanced the protection of our systems and data,” while also reporting the incident to relevant authorities.

These breaches underscore an intensifying threat landscape for retailers. The recent past has seen a string of high-profile cyberattacks, including Adidas and Victoria’s Secret, which had to take down its US website in May due to a “security incident.”

Closer to home, Marks & Spencer and the Co-op suffered significant operational disruptions in April. M&S, in particular, estimates that the attack will reduce its current year profits by approximately £300 million. On Monday, it revealed its chief executive’s total pay package had grown to £7m.

Says Lauren Wills-Dixon, head of data privacy at law firm Gordons:

“These are the latest in a string of high-profile cyber attacks on retail brands, once again highlighting the importance of robust cybersecurity measures in an increasingly digital world.

“Retailers are among the most common targets for cyber attacks because of the large amounts of customer data they hold, and the increased use of technology by the industry to reduce overheads and streamline operations has raised the risk even further.

“In this new world, it’s not ‘if’ but ‘when’ a cyber-attack will happen. It’s absolutely critical that retailers take legal, regulatory and best practice measures to build and maintain cyber resilience.”

Adds Julius Cerniauskas, CEO of web intelligence experts Oxylabs:

“The breaches at Cartier and The North Face send a clear message that no brand is safe from cybercrime, not even the biggest names with the deepest pockets. Attackers are becoming more opportunistic and sophisticated, targeting brands that hold valuable customer data, not just credit card numbers.

“In the case of The North Face, credential stuffing shows how recycled passwords from past breaches continue to fuel new attacks. Cartier’s incident demonstrates how even well-defended systems can be compromised. Whether it’s luxury retail or everyday consumer brands, hackers are finding weak spots and exploiting them fast.

“Retailers must respond with more than apologies. Proactive steps like enforcing multi-factor authentication, tightening access controls, and constantly monitoring for threats are now essential.”

The UK’s National Crime Agency has stated that apprehending the criminals behind these retail cyber attacks is a top priority.