The North Face and Cartier have confirmed breaches that compromised customer data as the number of cyber attacks against retailers continues to climb.
The North Face informed customers of a “small-scale” attack discovered in April, whilst Cartier stated that an “unauthorised party” had temporarily gained access to its systems. Both companies confirmed that names and email addresses were stolen, but assured customers that hackers did not take possession of financial data or passwords.
The North Face revealed that the attack used a method called “credential stuffing” that exploits passwords reused from previous breaches. As a precaution, affected customers were asked to change their passwords. The brand’s parent company, VF Corporation, had already suffered a separate breach in December 2023 that affected another of its brands, Vans.
In its communication to customers, Cartier stated that access to customer information was restricted and that the breach was contained. It added that it had boosted its cyber security measures and reported the incident to the relevant authorities.
These attacks are part of a series of recent cyber security incidents that have affected high-profile retailers, including Marks & Spencer, Co-op, Adidas and Victoria’s Secret. At the end of May, Adidas disclosed it had been hit by a cyber attack in which customers’ personal information was stolen.
The German sportswear giant said criminals had obtained “certain consumer data” through a third-party customer service provider, though the company confirmed that passwords and credit card details were not compromised.
Other cyber security disruptions have ranged from compromising customer service systems to emptying shelves and significant profit losses, with M&S predicting £300 million worth of damage this year.
