Cartier and North Face cyberattacks: Retailers hit as threat actors "smell blood in the water"
Hackers target a pair of new victims after blitzkrieg against famous high street brands including M&S, Harrods and the Co-op.
Cartier and The North Face have become the latest high-profile retailers to be hit by cyberattacks.
Last month, there was panic on the high street as M&S, Harrods & Co-op all reported major security incidents.
Now a pair of other major brands have suffered attacks, warning customers that key pieces of sensitive data may have been stolen.
The outdoor clothing brand North Face wrote to customers and said it had experienced a "small-scale credential stuffing attack" against its website on April 23, 2025. This type of attack involves the misuse of account authentication credentials stolen from other sources, like a data breach impacting a rival retailer
"We do not believe that the incident involved information that would require us to notify you of a data security breach under applicable law," it told customers. "However, we are notifying you of the incident voluntarily, out of an abundance of caution.
"Based on our investigation, we believe that the attacker previously gained access to your email address and password from another source (not from us) and then used those same credentials to access your account on our website."
What information was stolen in the North Face cyberattack?
The brand believes that attackers may have obtained key pieces of information, including customers' names, email addresses, dates of birth, and shipping addresses.
Payment details were not accessed because North Face only keeps a token on its system linking to a third-party payment card processor, which holds the full number.
A reminder, if one was needed, not to use the same flipping password for every website.
Tick tock for posh jewellery buyers?
Cartier makes expensive watches that mere mortals like us have never seen in real life, but are often observed on the wrists of celebs like Beyoncé and Taylor Swift.
The luxury brand stated that "limited client information," including names, email addresses, and the country in which customers reside, has been stolen.
"The affected information did not include any passwords, credit card details or other banking information," it told customers.
Lisa Webb, Which? Consumer Law Expert, offered this advice: "Consumers will no doubt be alarmed to discover that another two household brands have fallen victim to cyber attacks, particularly as it appears that customers' personal data has been compromised. Cartier and North Face must provide clear and timely updates to customers whose data has been stolen in the attacks, and support them in taking the necessary steps to protect themselves.
"If you think you may be affected, make sure to keep a close eye on bank accounts and credit reports for suspicious activity. Shoppers should also be wary of unexpected phone calls, emails or suspect ‘customer support’ messages popping up on social media regarding the breach, as scammers might try to take further advantage of this cyber attack by impersonating your bank or retailer.
"If you're ever unsure who you're speaking with, end the conversation and contact the company directly - for banking support you should call back on the number listed on your bank card."
Why are hackers attacking so many famous retailers?
Anthony Lloyd, Principal Cyber Technologist at tmc3, a Qodea company, told Machine that hackers were behaving like sharks who've sniffed out prey struggling in the ocean.
He said: "We’re seeing a ‘blood in the water’ effect in the retail sector: one major breach using a particular method has enticed more attackers to follow suit. Often, they are launching copycat attacks against other organisations within the same sector, assuming they have similar vulnerabilities. It’s less about a sudden surge in sophistication, more about attackers focusing on a sector they perceive as having both soft defences and high-value customer data.
"While large, interconnected systems are a factor, the vulnerability often comes down to people and priorities. Large retailers have a huge and often transient workforce, including temporary or agency staff on the shop floor, who are harder to make cyber-aware than corporate workers. There is also the issue of constant tension between security and customer experience; to keep online shopping slick and easy, retailers ignore multi factor authorisation (MFA) as it means an extra hassle for customers logging in. Attackers know this, and they go for it.
"Retailers need to address both internal and customer-facing threats to prevent attacks. We’ve seen The North Face hit by credential stuffing – which exploits customers reusing passwords from other breached sites – so strong passwords aren’t enough. What they need is MFA, regular checks for customer passwords against know compromised lists, and tools to detect and block high-volume login attempts typical in these attacks."
How should customers respond to the cyberattacks?
Mike Britton, CIO at Abnormal AI, said: "Even if financial or password data isn’t exposed, breaches like the one at Cartier still carry significant risk. Customer information remains a valuable asset for attackers to craft convincing phishing emails and impersonation attempts designed to deceive customers.
"The exposure of these details heightens the risk of social engineering, regardless of whether the organisation’s email systems were directly compromised. That’s why maintaining strong cyber hygiene is critical. Organisations should regularly review who has access to customer data and train staff to identify and respond to suspicious activity.
"We must recognise that these threats don’t end with the initial breach. Attackers often use stolen information in follow-up campaigns that may appear legitimate. These rely on tactics like a false sense of urgency or altered contact details. Sustained vigilance is vital, attackers often wait and strike later, when defences may be more relaxed."
What brand will be attacked next?
Although it's impossible to say which retailer will be targeted in the future - it is almost certain that we will see more attacks.
Glenn Akester, Technology Director for Cyber Security & Networks at Node4, said: "North Face and Cartier are the latest victims in the recent spree of cyberattacks targeting retail businesses. Worryingly, many organisations still operate on the outdated assumption that anything inside their network is safe, and only the perimeter needs defending. However, this model falls apart the moment an attacker gets hold of legitimate credentials.
"And that’s exactly what’s happening. Today’s attacks aren’t elite, technical hacks. They’re fast, persuasive and often alarmingly simple. Attackers are utilising a number of low effort techniques, such as social engineering attacks that convince employees to provide login details or approve MFA requests, hijacking valid login sessions or using leaked details obtained through past data breaches. None of these require ‘hacking skills’ in the traditional sense. They’re about slipping through the cracks – or tailgating through the front door someone else has opened.
"It’s time to stop thinking about cybersecurity as a checklist of tools and start thinking about it as a resilience strategy. Building resilience means assuming that something will get through eventually, and making sure your business can detect it, contain it, and recover quickly. This starts with understanding your risk surface, continuously monitoring for threats, testing and simulating attacks, and finally, having a clear and effective response plan."
Do you have a story or insights to share? Get in touch and let us know.
