Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims

HackRead

North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer data. Explore the methods used by attackers and the wider impact on retail security.

Luxury jeweller Cartier and outdoor clothing giant The North Face are the latest major retailers to become the victims of data breaches. Both Cartier and The North Face have acknowledged that customer names and email addresses were obtained by unauthorized parties.

The North Face informed its customers via email about a “small-scale” attack in April this year, revealing that users’ shipping addresses and past purchase details might also have been exposed.

The company suspects a credential stuffing technique was used, where attackers leverage login details from other breaches to access accounts where customers reuse passwords. This is not a new issue for The North Face’s parent company, VF Corporation, as its brand Vans also experienced a cyberattack in December 2023.

Cartier reported that an “unauthorized party gained temporary access to our system,” resulting in “limited client information” being compromised. The luxury brand assured customers that neither passwords nor credit card details were accessed.

Cartier has since “contained the issue and further enhanced the protection of our systems and data,” and reported the incident to relevant authorities. While no financial information was stolen, the attacks highlight the need for stronger online security in the retail sector.

**Cyber Attacks on Retailers**

These recent breaches are part of a broader pattern of cyberattacks affecting the retail industry. Numerous high-profile companies, including Adidas, Harrods, and Victoria’s Secret, have faced similar challenges, with Victoria’s Secret even taking its US website offline in May due to a security incident.

Closer to home, Marks & Spencer and the Co-op experienced significant operational disruptions in April. Marks & Spencer, in particular, has estimated that the cyberattack could reduce its current year profits by roughly £300 million.

Adding to the concerning trend, Next Step Healthcare in Massachusetts recently confirmed a significant data breach from June 2024, impacting 12,090 individuals.

“The investigation determined that data may have been accessed or downloaded without authorization from certain Next Step systems. Next Step conducted a thorough review of these systems in order to identify the scope of the incident,” Next Step explained in a press release.

This incident exposed highly sensitive personal information, including Social Security numbers, medical records, financial account details, driver’s licenses, and credit/debit card numbers. The notorious ransomware gang Qilin claimed responsibility for this attack on July 17, 2024, with 10,041 affected individuals in Massachusetts and 1,697 in New Hampshire.

Glenn Akester, Technology Director for Cyber Security & Networks at Node4, commented on the incidents, stating, “Recent attacks on brands like North Face, Cartier, and M&S show that many retailers still lack the resilient cybersecurity foundations needed today. Too often, businesses assume their internal network is safe, but attackers are increasingly using simple methods like social engineering, stolen credentials, and hijacked sessions to slip through. Cybersecurity should no longer be seen as just a checklist of tools but as a resilience strategy, one that focuses on detecting, containing, and recovering from breaches quickly.”
