Cybercriminals continue to target the retail industry, with fashion brands increasingly in their crosshairs.
Outdoor apparel maker The North Face and luxury jeweller Cartier are the latest companies to suffer data leaks, following breaches at Marks and Spencer, Co-op, Adidas, and Victoria's Secret in recent months.
The North Face informed its customers that the company had suffered a cybersecurity incident and customer data was likely compromised.
Cartier also reported a breach, according to the BBC. Both brands say data such as customers' names, telephone numbers, and email addresses were taken, but financial information was not. Home addresses and purchase histories may have also been leaked.
Ignas Valancius, head of engineering at cybersecurity company NordPass, comments: "The pattern suggests a focus on ecommerce sites. The attacks are likely related and linked. It's not some conspiracy against the retail sector or clothing manufacturers, but rather an issue of reused passwords and poor digital hygiene.
"According to The North Face, hackers used a technique called credential stuffing. That means criminals have collected some login credentials in previous attacks or bought the data on the dark web and are now trying it on other retailers' systems, in hope that customers reuse their passwords. Apparently quite a few people do. Actually, in the USA, it's around 62%.
"We have conducted research recently, and it revealed a concerning reality: 62% of Americans reuse passwords across multiple online accounts. It’s worse than in the UK at 60%, and Germany, where only 50% of respondents reuse passwords.
"On average, Americans reuse passwords on about five accounts, with one-fifth admitting to reusing them on ten or more accounts.
"This risky habit creates a domino effect of vulnerability, where a single compromised password can unlock an entire digital life. I mean, a shopping account leak is not the worst that could happen when reusing passwords. Threat actors could gain access to all your accounts, your identity could be stolen and your credit card maxed out, or a loan could be taken out in your name.
"The best way to hinder cyber criminals and reduce harm is for businesses and customers to change passwords and stop reusing them. In addition, it’s best to start using passkeys where possible. They are way more secure than passwords.
"People reuse passwords because it's easier that way - we all know that. And the survey confirmed it. Around a third of Americans and Brits who reuse passwords say they do so because they have too many accounts to manage different passwords for each one. About a quarter say they find it inconvenient to create and manage unique passwords. But that’s exactly what criminals count on. In this case, a password manager, which can generate and safely store random passwords, can become your best weapon.
"For a while longer, at least until this wave passes, we all should also be more mindful of the risk of possible social engineering attacks. If you receive emails or messages from merchants, be extremely careful because fake pages may be hidden behind the links. If you are not sure, it is better not to click on the link. Find the contact details of that merchant online and contact it directly."
Copyright 2025. News submitted by Gintautas Degutis, public relations for NordPass.
