Luxury jeweller and outdoor retailer reveal customer data stolen as hackers target high-street brands in unprecedented wave of attacks
Luxury jewellery giant Cartier and outdoor clothing retailer The North Face have become the latest victims in an alarming surge of cyber attacks targeting major retailers, with both companies confirming customer data has been stolen by hackers.
The shocking revelations come as cyber criminals continue their relentless assault on high-street brands, following a string of devastating attacks in recent weeks that have crippled operations at Marks & Spencer, Co-op, Harrods, Dior, Adidas and Victoria’s Secret.
In an urgent email sent to customers on Tuesday, watchmaker Cartier warned that ‘an unauthorised party gained temporary access’ to its system and ‘obtained limited client information’ – marking yet another prestigious brand to fall victim to the cyber crime epidemic sweeping the retail sector.
CARTIER CUSTOMERS TARGETED
The French luxury goods brand, whose glittering jewellery has adorned celebrities including Taylor Swift, Angelina Jolie and Michelle Obama, confirmed the breach in a stark admission that will send shockwaves through its elite clientele.
According to the breach notification, hackers managed to steal:
- Customer names
- Email addresses
- Countries of residence
In a small consolation for worried customers, Cartier stressed that passwords and banking information were NOT compromised, as these were stored in separate systems.
We have contained the issue and further enhanced the protection of our systems and data,” the company said, while urging customers to “remain alert for any unsolicited communications or any other suspicious correspondence.
NORTH FACE HIT BY ‘CREDENTIAL STUFFING’
Meanwhile, The North Face revealed it had fallen victim to a sophisticated “credential stuffing” attack in April, where cyber criminals used usernames and passwords stolen from other data breaches to break into customer accounts.
The outdoor clothing giant disclosed that hackers had accessed far more extensive personal data, including:
- Full names
- Purchase history
- Shipping addresses
- Email addresses
- Dates of birth
- Phone numbers
The company discovered “unusual activity involving our website, thenorthface.com” on April 23, 2025, and has advised all affected customers to change their passwords immediately.
This marks the second time parent company VF Corporation has been targeted, following a separate attack on its Vans brand in December 2023.
RETAIL SECTOR UNDER SIEGE
The twin attacks on Cartier and North Face represent just the latest casualties in what security experts are calling an unprecedented assault on the retail sector.
Marks & Spencer – Britain’s beloved high-street retailer faces a staggering £300 MILLION loss after hackers brought its online operations to a standstill for weeks. The attack left shelves bare and forced staff to resort to pen and paper to manage billions of pounds worth of stock movements.
Co-op – The food retailer confirmed customer data was stolen and warned staff to stop using VPNs as hackers may have been monitoring internal communications. CEO Shirine Khoury-Haq described the attackers as “highly sophisticated.
Victoria’s Secret – The lingerie giant was forced to completely shut down its US website for nearly a week, displaying only a stark message about a “security incident.” The company’s share price plunged 7% as online orders – worth an estimated £3.8 million daily – ground to a halt.
Dior – The French fashion house admitted hackers accessed its customer database on May 7, stealing names, addresses, phone numbers and purchase histories. The luxury brand now faces legal scrutiny in South Korea for allegedly failing to notify authorities promptly.
Adidas – The sportswear giant revealed attackers gained access to customer data through a third-party service provider, exposing contact information of customers who had contacted its help desk.
Harrods – The iconic Knightsbridge department store confirmed it was hit but has remained tight-lipped about the extent of the damage.
DRAGONFORCE GANG SUSPECTED
Security experts believe many of these attacks are linked to the notorious DragonForce ransomware group, with the English-speaking hacking collective known as “Scattered Spider” acting as their affiliate.
The gang – described as consisting of “mostly teenagers” – uses sophisticated social engineering tactics, including:
- Impersonating employees to trick IT help desks
- Requesting password resets from support staff
- Using “credential stuffing” with stolen passwords
- Deploying ransomware to encrypt company systems
James Hadley, founder of cybersecurity firm Immersive, warned: “Retailers, overflowing with customer information, have become easy prey. The recent string of breaches will have emboldened attackers further.”
‘WAKE UP CALL’ FOR BRITAIN
The National Cyber Security Centre (NCSC) has described the attacks as a “wake up call” for British businesses, urging all retailers to urgently review their security procedures.
“Criminal activity online – including ransomware and data extortion – is rampant,” warned NCSC officials Jonathon Ellison and Ollie Whitehouse. “All organisations, of all sizes, need to be prepared.”
The attacks have exposed alarming vulnerabilities in the retail sector:
- Many companies lack proper business continuity plans
- Third-party suppliers represent weak links in security chains
- Social engineering tactics easily bypass technical defences
- Recovery times are measured in months, not days
FINANCIAL CARNAGE
The financial toll is staggering. M&S alone has seen more than £1 BILLION wiped off its market value since the attack was revealed, with its share price plummeting 14%.
Industry analysts estimate:
- M&S: £300 million in lost profits
- Victoria’s Secret: £3.8 million daily in lost online sales
- Sector-wide losses potentially exceeding £1 billion
CUSTOMERS AT RISK
While retailers insist financial data remains secure, security experts warn the stolen information provides cyber criminals with everything they need for sophisticated follow-up attacks.
Mike Britton, CIO at Abnormal AI, cautioned: “Attackers can exploit exposed customer information to craft convincing phishing emails and impersonation attempts, which can lead to further compromise.”
Customers are being urged to:
- Change passwords immediately
- Enable two-factor authentication
- Monitor bank statements closely
- Be suspicious of all unsolicited emails
- Never click links in unexpected messages
THE BOTTOM LINE
As cyber criminals continue their relentless assault on the retail sector, one thing is crystal clear: no brand – no matter how prestigious or well-protected – is safe from attack.
With hackers growing bolder by the day and recovery times stretching into months, shoppers face an anxious wait to discover which beloved brand will be next to fall victim to the cyber crime epidemic gripping Britain’s high streets.
For millions of customers whose personal data now sits in the hands of criminals, the question isn’t if they’ll be targeted – but when.
