North Face, Cartier customer info exposed in data breaches
Fashion and apparel retailers continue reporting cyberattacks.
Outdoor apparel and gear retailer The North Face and luxury jewelry/watch/accessories brand Cartier have both disclosed online security breaches. These announcements come in the wake of other recently publicized cyberintrusions reported by fashion and apparel retailers such as Victoria’s Secret, Dior, Marks & Spencer, Harrods, Co-Op and Adidas.
[READ MORE: Adidas discloses third-party data security breach]
In addition, North Face parent VF Corp. previously acknowledged that a December 2023 cybersecurity incident resulted in approximately 35.5 million individual consumers having some personal data stolen.
A brief synopsis of the North Face and Cartier incidents follow.
North Face
In a letter to affected customers publicly released by North Face, the retailer said on April 23, 2025, it discovered unusual activity involving its thenorthface.com website, which it investigated immediately.
Following an investigation, North Face said it concluded that an attacker had launched a small-scale credential stuffing attack where they used account authentication credentials (such as email addresses/usernames and passwords) stolen from another source, such as a breach of another company or website, to gain unauthorized access to user accounts.
Although North Face said it does not believe that the incident involved information that would require it to legally notify them of a data security breach it is notifying customers of the incident voluntarily, out of an "abundance of caution."
"We believe that the attacker previously gained access to your email address and password from another source (not from us) and then used those same credentials to access your account on our website," North Face said in the letter.
The retailer believes that the attacker obtained information which may include products they have purchased on the North Face e-commerce site, shipping address(es), preferences, email address, first and last name, date of birth and telephone number.
However, North Face said credit, debit, or stored value card information was not compromised and the attacker could not view payment card number, expiration date, or CVV code because it does not keep a copy of that information on its site.
North Face said it has taken steps included disabling passwords.
Cartier
In a letter to customers that has been reposted on social media platforms such as X, Cartier said an "unauthorized party" gained temporary access to its system and obtained limited customer information including name, email address and country.
However, Cartier said in the letter that the breached data did not include passwords, credit card details or other banking information.
“We have contained the issue and have further enhanced the protection of our systems and data” Cartier said in the letter. “We have also informed the relevant authorities and are working with leading external cybersecurity experts. Given the nature of the data, we recommend that you remain alert for any unsolicited communications or any other suspicious correspondence.”
The cybersecurity publication Bleeping Computer said it has contacted Cartier to obtain more information about the breach, such as when it took place and how many customers had their information exposed, but has not yet heard back.
In emailed commentary to Chain Store Age, Ade Clewlow MBE, associate director and senior advisor at cybersecurity consulting firm NCC Group, said the onslaught of cyberattacks dominating headlines is the reality retailers face daily in today’s threat landscape.
"The risks go far beyond high-profile retail breaches - in fact, industrials, not retail, was the most targeted sector in April, accounting for 32% of all recorded attacks," said Clewlow in the email. "We’re seeing cyber criminals weaponize emerging technologies and deploy increasingly sophisticated social engineering tactics at speed and scale."
"Organizations must double down on proactive cybersecurity strategies," Clewlow concluded. "In today’s environment, prevention isn’t just better than the cure, it’s the only viable defense."
