French luxury goods conglomerate Cartier has informed its customers of a data breach that has compromised personal information. The company issued notification letters to its clients detailing the breach and the nature of the information exposed after an unauthorised party gained access to its systems, BleepingComputer reported.
Founded in 1847, Cartier is a prominent name in the luxury segment known for its high-end jewellery, watches, leather goods, and accessories. Data compromised within its systems includes customer names, email addresses, and countries of residence. However, the luxury brand confirmed that more sensitive information, such as passwords, credit card numbers, and banking details, was not accessed. Despite this, Cartier has advised customers to remain vigilant against potential phishing attempts and suspicious communications. The company further confirmed that it has contained the issue and has enhanced protective measures to prevent future incidents.
Cartier has not provided further information regarding the breach’s timing or the number of individuals affected. However, the company has reported the incident to law enforcement and is collaborating with an external cybersecurity firm to address the breach.
Cartier incident adds to series of cyberattacks on fashion industry
The incident at Cartier is part of a broader trend of cyberattacks targeting fashion brands. Recently, several other high-profile fashion companies have reported similar breaches.
In May, another French luxury fashion brand, Dior, disclosed a data breach involving customer contact information and purchase histories. German sportswear manufacturer Adidas also warned customers about a breach through a third-party service provider, which resulted in the exposure of contact details but not payment information. Victoria’s Secret also experienced a security incident last week, leading to the temporary suspension of its website and some store services. The company has initiated an investigation in collaboration with cybersecurity experts.
Additionally, outdoor apparel retailer The North Face recently notified customers that a credential stuffing attack in April led to the theft of personal information. In such attacks, threat actors attempt unauthorised access using previously exposed username-password pairs. However, payment information was not compromised in this incident as an external provider manages payments on the site. It remains unclear if all these breaches are related.
Beyond the fashion industry, UK retailers such as Marks & Spencer (M&S), Harrods, and Co-op have also faced cyberattacks in recent months. M&S, in particular, anticipates a £300m decline in operating profit this year due to a ransomware attack.
Read more: 97% of CISOs prioritise Zero Trust strategies amid escalating cyber threats, study finds
