Apparel company The North Face and jewellery retailer Cartier have become the latest retail brands to fall victim of cyber breach incidents resulting in the theft of consumer information.
In April 2025, The North Face, owned by VF Corporation, notified some of its customers of a “small-scale credential stuffing attack” against the website.
Go deeper with GlobalData
Credential stuffing attacks are a form of cyber-attack in which an attacker uses stolen authentication details, such as email addresses or usernames and passwords, from one breach to gain unauthorised entry into user accounts on different platforms. These types of attacks often take advantage of the common practice of reusing the same login information across various websites.
The US brand has advised affected customers to change their passwords.
Meanwhile, Cartier has disclosed that an “unauthorised party gained temporary access” to its system. The company stated that it has since enhanced its system protections and reported the incident to authorities.
Both companies confirmed the theft of personal details such as names and email addresses, but gave assurances that financial data remained secure.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataThe recent spate of cyber-attacks has affected retailers including global sportswear brand Adidas, US lingerie retailer Victoria’s Secret and UK department store Harrods.
Victoria’s Secret recently postponed the release of its first quarter (Q1) 2025 earnings due to a “security incident” affecting its information technology systems.
In May 2025, Adidas confirmed that an unauthorised party had accessed certain consumer data via a third-party customer service provider.
UK retailers Marks & Spencer (M&S) and the Co-op also experienced significant operational disruptions after being targeted in April 2025.
M&S anticipates a £300m ($405.7m) reduction in profits for the financial year 2025/26. It has disclosed a £7m pay package for its chief executive.
Tata Consultancy Services is investigating the breach at M&S and recently partnered with the Co-op to upgrade its IT infrastructure and implement a cloud-first strategy.
The UK’s National Crime Agency is prioritising efforts to apprehend the cyber criminals responsible for these attacks.
