In yet another blow to the global retail sector, fashion brand The North Face and luxury jeweller Cartier have disclosed data breaches exposing sensitive customer information. Both companies confirmed that names and email addresses were accessed, though financial data, such as payment information and passwords, were reportedly not compromised.
The North Face revealed it detected a “small-scale” attack in April 2025 and has since emailed affected customers. According to the company, the breach was executed using a technique known as credential stuffing, where hackers leverage usernames and passwords obtained from previous breaches, banking on victims reusing credentials across platforms. This method potentially exposed user shipping addresses and purchase histories.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Cartier, on the other hand, reported that “an unauthorized party” temporarily accessed its system. The breach, the company stated, resulted in the exposure of limited client information. No passwords or credit card data were accessed. The company says it has now “contained the issue” and enhanced its cybersecurity protocols.
North Face’s parent company, VF Corporation, was previously affected by a separate breach in December 2023 involving its footwear brand Vans, putting additional scrutiny on its data protection measures.
Wave of Cyberattacks Engulfing Global Retail
The breaches at North Face and Cartier are part of a wider trend. In recent months, major retail players including Adidas, Victoria’s Secret, Marks & Spencer (M&S), Harrods, and the Co-op have reported significant cyber incidents. These attacks have disrupted operations, damaged reputations, and led to financial losses.
M&S confirmed that its online services may remain affected until at least July, and estimated a £300 million(₹3,180 crore) reduction in profits due to the breach. Co-op’s retail chain was left with empty shelves, highlighting how digital attacks can severely impact physical supply chains.
Victoria’s Secret temporarily took down its U.S. website after a “security incident,” while Adidas acknowledged that help desk users’ data had been stolen.
The UK’s National Crime Agency has emphasized that tracking and arresting the perpetrators of such attacks is now a national priority.
Retail: A Prime Target for Cybercriminals
Cybersecurity experts warn that the retail industry is particularly vulnerable due to the vast amounts of consumer data it stores. James Hadley, founder of cybersecurity firm Immersive, noted that companies are “overflowing with customer information,” making them easy and lucrative targets for attackers.
Hadley stressed that stolen personal information is often used for long-term manipulation, including impersonating companies to extract more sensitive data from unsuspecting customers.
This growing cybersecurity challenge, experts argue, demands more than reactive measures. Retailers need to adopt proactive threat intelligence systems, secure their digital ecosystems, and continuously educate consumers about the risks of password reuse and phishing tactics.
As AI-fueled attacks and automated hacking tools evolve, so must the industry’s defense mechanisms. The breaches at The North Face and Cartier serve as a reminder that even luxury and legacy brands are not immune to the growing sophistication of cyber threats.