Fashion brand The North Face and luxury jeweller Cartier have become the latest retailers to report having customer data stolen in cyber attacks.

North Face has emailed some customers saying it discovered a "small-scale" attack in April this year.

Cartier said "an unauthorized party gained temporary access to our system".

Both brands say data such as customers names and email addresses were taken, but financial information was not.

There has been a wave of cyber attacks on high-profile retailers in recent weeks, including Adidas, Victoria's Secret and Harrods.

Marks and Spencer (M&S) and the Co-op had their operations severely disrupted when they were targeted in April.

The UK's National Crime Agency has said catching the criminals responsible is their top priority.

North Face told customers the hackers it was targeted by used a technique called "credential stuffing", where attackers try usernames and passwords stolen from another data breach, in the hope customers have reused the same passwords across multiple accounts.

They say the attackers may have been able to gain access to some users' shipping addresses and purchase histories.

Affected customers will need to change their passwords.

North Face's owner, VF Corporation, was hit by a separate cyber attack in December 2023.

That affected another of its brands, Vans, with its customers being warned their information may be at risk.

Cartier's data breach, meanwhile, was a hack of its system where attackers "obtained limited client information," according to an email to its customers seen by BBC News.

Passwords and card details were not accessed, it said.

The firm added: "We contained the issue and have further enhanced the protection of our systems and data."

It also said it had reported the incident to the relevant authorities.

BBC News has contacted North Face and Cartier for comment.

'Overflowing' with data

Retailers are often targets of cyber attacks, and there have been a string of high-profile companies publicly reporting being hacked recently.

The attacks are a "harsh reality" for the industry, said James Hadley, founder of cyber-security company Immersive.

Retailers are "overflowing with customer information," becoming "easy targets for attackers," he added.

Stolen customer data can be used to impersonate legitimate companies and trick victims into giving away more sensitive data in the future, with cyber-criminals "often content to play the long game," he said.

In May, Adidas said the details of people who had contacted its help desk were stolen.

Victoria's Secret also had to take down its US website in May after a "security incident".

The attack on Co-op left it with empty shelves, while M&S says its online services will be disrupted until July.

M&S estimates it will reduce profits for the current year by around £300m.

On Monday, it revealed its chief executive's total pay package had grown to £7m.

Source:
courtesy of BBC NEWS

by Imran Rahman-Jones

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]