Skip to content

Luxury Retail Under Siege: Cartier, Victoria's Secret, and North Face Hit by Cyber Attacks

Integrity360 · Story 6 of 6

A wave of cyber attacks has hit major global retailers, with Cartier, Victoria's Secret, and The North Face all disclosing data breaches within the same week, following a similar attack on Adidas. Luxury jeweler Cartier warned customers that its systems were compromised, exposing limited personal client information, though passwords, credit card details, and banking information were not affected. The company has notified law enforcement and engaged external cybersecurity experts. The North Face revealed that attackers launched a credential stuffing attack against its website on April 23, 2025, obtaining email addresses, passwords, and potentially accessing stored account information including shipping addresses, names, dates of birth, and phone numbers. Credential stuffing attacks use stolen username-password pairs from previous breaches to gain unauthorized access to accounts on other platforms. These incidents highlight the retail sector's growing vulnerability to cyber attacks, particularly through supply chain partners and credential reuse. For MENA-based retailers expanding digital operations, the incidents underscore the importance of implementing multi-factor authentication, monitoring for credential stuffing, and conducting regular security audits of third-party vendors.

Analysis
Live

The clustering of retail breaches suggests coordinated supply-chain targeting rather than isolated incidents. For MENA's rapidly growing e-commerce sector, this is a wake-up call to invest in credential monitoring and vendor security assessments before scaling.

Frequently Asked Questions
What is a credential stuffing attack?

Credential stuffing uses stolen username-password pairs from previous data breaches to automatically test login credentials across multiple websites, exploiting the fact that many people reuse passwords across services.