High-end jeweler Cartier and outdoor clothing chain The North Face have emerged as the latest victims of a burgeoning wave of online attacks against the world’s retail sector.
Both companies acknowledged data breaches in recent days that exposed customers’ information and highlighted the growing cybersecurity threats confronting businesses that keep personal data on file.
The North Face announced in April that hackers had breached accounts after stealing usernames and passwords from other breaches, a form of cyberattack called a “small-scale credential stuffing attack.”
The company said that the accessed data may have included full names, shipping addresses, purchase histories and, if the user saved this information, dates of birth, phone numbers and payment card information. Since then, The North Face reset the passwords of impacted users and encouraged all customers to use unique, strong passwords for their online accounts.
Cartier, a brand owned by the Richemont luxury group, also said “an unauthorized party accessed our system and accessed limited client information.” This reportedly included customer names, email addresses and countries of residence.
Like The North Face, Cartier said no passwords or financial information or sensitive payment data was affected. The firm has told regulators that it has managed to confine the breach, and is consulting with outside cybersecurity experts.
These are not isolated actions. In the past few weeks, large retailers including Adidas, Victoria’s Secret, Marks & Spencer and Harrods, have also disclosed major cyber incidents, which knocked out operations and potentially compromised customer data.
The retail industry, experts warn, is a prime target for cybercriminals because they hold mountains of personal and financial information of customers. Attacks now have all sorts of levels of sophistication, from credential stuffing and phishing, to ransomware and social engineering.
The fallout from such breaches goes well beyond the operational turmoil of the moment. - All of these can result in massive monetary losses, legal ramifications, and – most importantly – drastic damage to consumer trust and brand loyalty.
With cyber threats becoming more sophisticated, retailers should take a proactive approach to cybersecurity, ensuring that we have mandatory multi-factor authentication, that we conduct regular security audits, and that employees are always receiving training to thwart these ongoing complex attacks.
