The incidents add to a growing list of cyber attacks on major retailers in recent weeks, including Adidas, Victoria’s Secret, Harrods, Marks & Spencer, and the Co-op
Fashion brand The North Face and luxury jeweller Cartier have become the latest high-profile retailers to fall victim to cyber attacks, with both companies confirming that customer data had been compromised.
The North Face, owned by VF Corporation, told affected customers it had detected a “small-scale” breach in April, which it said was the result of a “credential stuffing” attack—a technique where hackers use stolen usernames and passwords from previous breaches to gain unauthorised access to other accounts.
While no financial information was taken, the company said customer names, email addresses, shipping details and purchase histories may have been accessed. Impacted users have been advised to reset their passwords. The brand’s parent company was previously targeted in a separate incident in December 2023, affecting another label under its umbrella, Vans.
Cartier, meanwhile, confirmed that “an unauthorised party gained temporary access to our system”, with limited client information being accessed. The jeweller assured customers that no passwords or payment card data were compromised and said the breach had been swiftly contained. It has since strengthened its cyber security infrastructure and notified relevant authorities.
The incidents add to a growing list of cyber attacks on major retailers in recent weeks, including Adidas, Victoria’s Secret, Harrods, Marks & Spencer, and the Co-op. The wave of attacks has disrupted operations across the sector. M&S, for example, said the incident affecting its online services could reduce profits for the year by an estimated £300m. The Co-op also reported widespread disruption, with empty shelves reported across stores.
The UK’s National Crime Agency has said that identifying and apprehending those responsible is a top priority.
Retailers remain attractive targets for cyber criminals due to the volume of sensitive customer data they hold. James Hadley, founder of cyber security firm Immersive, described the attacks as a “harsh reality” for the sector. “Retailers are overflowing with customer information, making them easy targets,” he said.
Stolen personal data, even if it excludes financial details, can still be weaponised in future scams. “Cyber criminals are often content to play the long game—using stolen information to impersonate trusted brands and manipulate victims into handing over more sensitive data down the line,” Hadley warned.
In May, Adidas confirmed that personal details from its customer support database were taken, while Victoria’s Secret was forced to take down its US website following a security incident.
Despite the rising number of breaches, executive pay has remained under scrutiny. On Monday, M&S revealed that its chief executive’s total compensation rose to £7m, even as it grappled with the fallout from the cyber attack.
