North Face and Cartier customer data stolen in cyber attacks

Outdoor clothing brand North Face that it suffered a “small-scale” attack on its website in April, after discovering “unusual activity”.

The US business said it was the victim of a “credential stuffing attack”, where account authentication information has been stolen from another source, such as through breaches of other websites.

It said it believes that the cyber attackers have gained access to email address and password information.

North Face said the hackers have then been able to access some customers accounts and reveal information such as products purchased on its website, shipping addresses, preferences, dates of birth and telephone numbers.

It stressed that payment card information has not been compromised in the attack.

Elsewhere, jewellery brand Cartier told customers in an email that “an unauthorised party gained temporary access to our system and obtained limited information”.

The company, which is owned by luxury firm Richemont, said it has “contained” the issue and informed relevant authorities.

Its initial investigation found that the incident may have affected customer information, including names, email addresses and the country where they live.

“Given the nature of the data, we recommend that you remain alert for any unsolicited communications or any other suspicious correspondence,” the company said.

The companies are the latest retailer businesses to have been hit by a raft of cyber attacks striking the sector in recent months.

Marks & Spencer has halted all online orders since April after a cyber incident, which bosses have said are likely to cost the business around £300 million.

Rival UK retailers The Co-op and Harrods have also been hit by hacks over the past two months.