The North Face, a prominent sports apparel brand, and Cartier, the luxury jewelry label, have reportedly become the latest fashion retailers targeted by cyber-attacks. This trend highlights increasing vulnerabilities within the fashion industry as high-profile brands grapple with security breaches.
According to a report from the BBC, The North Face became aware of a “small-scale” cyber incident earlier this April. The brand informed several customers that the attack was executed using a technique known as “credential stuffing,” wherein hackers exploit previously leaked usernames and passwords, hoping individuals will utilize the same credentials across different platforms.
The North Face indicated that the breach may have allowed unauthorized access to certain customer shipping addresses and purchase histories. In response, the brand has advised affected customers to change their passwords to mitigate any potential risks associated with compromised accounts.
Meanwhile, Cartier has also confirmed a security incident, acknowledging that “an unauthorized party gained temporary access to our system” which allowed them to obtain limited client information. Notably, financial data was not included. The luxury brand reassured customers that the issue has been reported to the relevant authorities, and added that they have bolstered their system protections to prevent future incidents.
These incidents add to a growing list of fashion retailers, including Adidas, Harrods, and Dior, that have experienced data breaches in the past couple of months. Notably, it appears that The North Face’s breach occurred while Marks & Spencer was grappling with a suspected ransomware attack, which may have set off this wave of incidents within the sector.
The repercussions of these breaches are significant, with Marks & Spencer reportedly losing over £1.2 billion in market value while its CEO, Stuart Machin, faces a £1.1 million salary reduction in the wake of the attack’s fallout. This exposes the far-reaching consequences of cyber vulnerabilities that are becoming all too common in the retail environment.
In evaluating these attacks through the lens of the MITRE ATT&CK Matrix, techniques such as initial access via credential stuffing and potentially lateral movement to explore data could have been employed by the attackers. This framework can serve as a useful reference for understanding the tactics and techniques likely involved in these breaches, emphasizing the need for robust cybersecurity measures in the retail sector.
As the fashion industry navigates these rising cyber threats, stakeholders are reminded of the critical importance of adopting comprehensive security protocols to safeguard sensitive customer data. FashionUnited has reached out to The North Face’s parent company, VF Corp, and Cartier for further comments on these incidents, underlining the necessity for proactive steps in combating cybersecurity risks.
