North Face and Cartier customer data stolen in cyber attacks
North Face and Cartier‘s customer data being stolen is just one of many recent big names who have been braeched, expressing the increase in the retail sector being a major target for cybercriminals, so no mater how big your retail store is, online or offline, we strongly suggest that your business takes further actions to protect your customer data.
The recent breaches at North Face and Cartier are just the latest in the growing list of high-profile attacks that also includes adidas, Victoria’s Secret, Harrods, M&S and Co-op.
These incidents are not isolated – they’re part of a broader trend where attackers exploit the vast amounts of customer data retailers hold. From names and email addresses to shipping details and purchase histories, this information is gold for cybercriminals.
What happened?
- North Face experienced a credential stuffing attack, where hackers used stolen login credentials from other breaches to access customer accounts.
- Cartier suffered a system breach that exposed limited client information.
- Both companies confirmed that financial data was not accessed, but the exposure of personal data still poses serious risks, including phishing and identity theft.
These breaches underscore a harsh reality: retailers are overflowing with customer data and often underprepared to defend it.
Top 5 cyber security actions your retail business must take:
- Implement multi-factor authentication (MFA)
- Credential stuffing only works when passwords are the sole barrier. MFA adds a critical second layer of defense.
- Enforce strong password policies
- Require customers and employees to use unique, complex passwords. Consider integrating password managers or breach detection tools.
- Monitor and detect anomalous activity
- Use AI-driven threat detection to identify unusual login patterns, access attempts, or data transfers in real time.
- Encrypt customer data at rest and in transit
- Even if attackers gain access, encrypted data is far less useful. Ensure all sensitive data is encrypted using industry standards.
- Regularly audit and patch systems
- Outdated software is a common entry point. Conduct regular vulnerability assessments and apply patches promptly.
Cybersecurity is no longer optional, it’s a business imperative. Retailers must treat customer data with the same care as financial assets. The cost of inaction isn’t just financial (as M&S’s £300m loss shows) – it’s reputational.
If you’re unsure where to start or want a security assessment that is specific to your retail business, please reach out. We help retailers build resilient, Zero Trust environments that keep both your data and your customers safe.
