Fashion retailer The North Face and luxury jeweller Cartier are among the latest brands to have been targeted by cyber criminals, after a spate of hacks aimed at high profile retailers.

Small scale hack at The North Face

Outdoor apparel brand, The North Face, confirmed it had fallen victim to a “small scale” cyber incident in April. It said customer information was taken during the attack, however credit card details and financial information were not compromised.

The hack on The North Face is believed to have stemmed from ‘credential stuffing’, according to reports by BBC News. This is where cyber criminals reuse usernames and passwords stolen in previous hacks in the hope customers have reused their information across multiple accounts.

The North Face has advised any affected customers to change their passwords.

Cartier confirms ‘limited’ customer data has been stolen

Cartier also confirmed it had been victim of a cyber incident, saying criminals had hacked its website and obtained “limited” shopper information in an email to customers on Tuesday (03 June 2025).

It said an “an unauthorised party” had gained temporary access to its system, but confirmed that the data breach was only confined to email addresses, names and customers’ country of residence. It is understood that no financial information, card details or passwords were stolen.

Cartier has added it believes the cyber incident now to be “contained”, telling Reuters it has since “further enhanced the protection of its systems and data” and is working with the authorities and external cyber security experts.

A sobering reality: retailers lack cybersecurity resilience

The breaches at The North Face and Cartier follow a spree of cyber crime targeting retailers, with M&S, Co-op, Harrods and Adidas all being involved in cyber incidents over recent weeks.

In his latest guest post for Retail Rewired, Extreme Networks’ CISO, Phil Swain, told us that the scale of recent retail cyber attacks was a “sobering” wake-up call that even the most established retailers are vulnerable.

He said that in the race for digital transformation and AI deployment, retailers may be overlooking critical vulnerabilities in their cyber security infrastructures. And this potentially means they lack the resilience and preparedness needed to ward off rising threats.

“Retailers operate sprawling, interconnected environments that span ecommerce platforms, mobile apps, smart stores and public Wi-Fi,” Swain said. “Each of these surfaces can introduce potential vulnerabilities – and they are increasingly being targeted by attackers.”

“Recent breaches show how quickly things can unravel when vulnerabilities are exploited. Retailers that build cybersecurity into the foundation, invest in the right platforms and engage their people will be best positioned to thrive.”

Phil Swain, CISO, Extreme Networks

“Worryingly, many organisations still operate on the outdated assumption that anything inside their network is safe, and only the perimeter needs defending,” Glenn Akester, Technology Director for Cyber Security & Networks at Node4, added. “However, this model falls apart the moment an attacker gets hold of legitimate credentials.” 

“Today’s attacks aren’t elite, technical hacks. They’re fast, persuasive and often alarmingly simple,” according to Akester. He said in most cases hackers are using ‘low effort techniques’, such as convincing employees to grant access, hijacking valid login sessions or using leaked details obtained in prior data breaches, to gain access.

“None of these require ‘hacking skills’ in the traditional sense. They’re about slipping through the cracks – or tailgating through the front door someone else has opened,” he added.