North Face and Cartier customer data stolen in cyber attacks
VF Corp wrote to customers to tell them that payment card information was not compromised
North Face and Cartier have become the latest retailers to see customer data breached in cyber attack incidents.
VF Corporation, the owner of North Face, wrote to some customers to inform them of “unusual activity” discovered last month, which was investigated “immediately”.
It told customers that the attacker could have obtained their email address and password in the “small-scale” attack, and may have accessed information stored on their accounts on its website. While this includes products they purchased, shipping addresses and preferences, payment card information was not compromised.
In a letter to customers, VF Corp said: “Following a careful and prompt investigation, we concluded that an attacker had launched a small-scale credential stuffing attack against our Website on April 23, 2025.”
A “credential stuffing attack” is a type of cybersecurity attack where the attacker uses account authentication credentials stolen from another source, such as a breach of another company or website, to gain unauthorised access to user accounts.
It added: “We do not believe that the incident involved information that would require us to notify you of a data security breach under applicable law. However, we are notifying you of the incident voluntarily, out of an abundance of caution.”
Meanwhile, Cartier’s system was hacked by attackers who “obtained limited client information”, and passwords and card details were not accessed, according to an email to its customers seen by BBC.
The firm reportedly said: “We contained the issue and have further enhanced the protection of our systems and data.”
The retailers become the latest to be hit by cyber attacks in recent weeks. Last week Adidas confirmed that it was hit by a cyber attack, stating that an external party obtained consumer data through a third party customer service provider.
The German sportswear giant claimed that the affected data did not contain passwords, credit card details or any payment related information, but was limited to contact information relating to consumers who had contacted its customer service help desk in the past.
The news also came on the heels of recent major cyber attacks on M&S and Co-op.
A hacking incident at M&S in April caused a widespread outage of M&S’s contactless payments and click-and-collect services, forcing customers to ditch their full weekly shops at the checkout and leaving shelves empty at some of its stores.
That same month, Co-op had to also shut down parts of its IT systems in response to hackers’ attempts to gain access.
VF Corporation and Richemont have been contacted for comment.
