Cartier, North Face among fashion brands targeted in latest cyberattacks
What's the story
Luxury fashion brand Cartier has confirmed a data breach, compromising some of its customers' personal information.
The company sent notification letters to affected individuals, informing them that hackers had gained access to its systems and stolen a limited amount of customer information.
The compromised data includes names, email addresses, and countries of residence but does not include sensitive information.
Adidas, Victoria's Secret, and Marks & Spencer are among the major fashion brands that have recently experienced cyberattacks.
Caution
Cartier advises customers to stay vigilant
Cartier has warned its customers that the stolen data could be used for targeted attacks.
The company has advised them to remain alert for any unsolicited or suspicious communications.
"Given the nature of the data, we recommend that you remain alert for any unsolicited communications or any other suspicious correspondence," Cartier said in its breach notification.
Cartier has reported the incident to law enforcement and is working with a third-party cybersecurity firm to address the breach.
Attack details
The North Face suffers credential stuffing attack
Outdoor apparel retailer The North Face has also been a victim of a cyberattack.
The company has warned its customers that their personal information was stolen in credential stuffing attacks targeting its website in April.
These attacks involve threat actors trying to gain unauthorized access to user accounts by automating login attempts with username-password pairs leaked in previous data breaches.
Investigation findings
The North Face's response to the attack
The North Face has started sending data breach notifications to affected customers.
The notice reveals that on April 23, 2025, "we discovered unusual activity involving our website, thenorthface.com."
After a thorough investigation, it was concluded that an attacker had launched a small-scale credential stuffing attack against their website on the same day.
The exposed data includes full names, purchase history, shipping addresses, email addresses, dates of birth and telephone numbers.