North Face, Cartier brands hit by cyberattacks – customer data stolen
Fashion brand The North Face and luxury jewelry brand Cartier are the latest companies to officially reveal that their customers’ personal information was stolen.
North Face, which acknowledged a small-scale cyberattack last April, informed some customers about it via email.
Cartier, meanwhile, said that an unauthorized group had temporarily accessed its servers.
Both companies have also assured that only information such as customers’ names and email addresses were stolen, but that their financial information is safe.
Major retailers such as Adidas, Victoria’s Secret and Harrods have also been hit by similar cyberattacks in recent weeks.
Marks and Spencer (M&S) and the Co-op were targeted in April, causing significant disruption to their operations.
According to the North Face company, the hackers used a technique called “credential stuffing” in this attack.
This means taking the names and passwords of users stolen in a data breach and trying to apply them to other accounts.
In cases where many users use the same password across all accounts, this method becomes advantageous for cybercriminals.
The hackers also reportedly got hold of information such as shipping addresses and purchase history for some users in this attack.
The companies suggest that affected users change their passwords immediately.
Meanwhile, VF Corporation, a subsidiary of The North Face, was the victim of another cyber attack in December 2023.
In that attack, hackers reportedly targeted customer information for Vans, another popular brand owned by VF.
Cartier also responded to the data breach, saying it had identified a hacking incident on its systems and that the hackers had only accessed a “limited amount of customer information” in the attack.
However, it clarified that no passwords or card details were actually affected.
It also said, “We have contained the issue. We have further strengthened our cyber security systems.”
The company explained that it had filed a report with the relevant authorities regarding the incident.
Consumer data – a sea for cybercriminals!
Retail companies are becoming prime targets for cybercriminals these days.
Several high-profile companies have recently had to publicly announce that their companies have been hacked.
This is a harsh reality facing the cybersecurity industry, said James Hadley, founder of security firm Immersive.
“Retailers are flooded with consumer information, making them easy targets,” he said.
He warned that cybercriminals would use the stolen data to defraud victims in the future, obtaining more sensitive data.
They would “use this data to carry out legitimate-looking fraud schemes while impersonating real companies.”
In May 2024, Adidas revealed that details of customers who contacted its helpdesk had been stolen.
In the same month, Victoria’s Secret temporarily took down its US website.
The attack on the Co-op led to stock shortages in its stores.
Furthermore, M&S – which has been hit by the cyberattack – said its online services would be disrupted until July.
The company has forecast a loss of around ÂŁ300 million in profits for the coming year.
In a recent announcement, the company revealed that its CEO’s total salary package had risen to £7 million.