Cartier, North Face, MainStreet Bank among retailers struck by cyberattacks

Cyberattacks on retailers continued as Reuters reported that luxury jewelry retailer Cartier told its customers that its website had been hacked and some client data was stolen.

Outdoor retailer North Face told customers that its personal information was stolen in credential-stuffing attacks that targeted the company’s website in April, a sign that U.S. retailers should expect more of such attacks.

Virginia-based MainStreet Bank on May 30 filed with the Securities and Exchange Commission that its systems were attacked in March by a third-party vendor. While not a luxury retailer, MainStreet reportedly operates 55,000 ATMs across Virginia and Washington, D.C.

The string of cyberattacks follow attacks the past few months on prominent luxury retailers globally, including Marks & Spencer (M&S), Victoria’s Secret, Dior and Adidas. It’s still unclear which groups were responsible in the attacks on Cartier, North Face and MainStreet Bank as of Tuesday.

While security researchers have tied ransomware group Scattered Spider to the attacks on UK retailers M&S, Harrod’s and Co-op, it's known that the Cartier and MainStreet Bank attacks were caused by third-party breaches.

“Given the recent increase in cybersecurity attacks and incidents affecting retailers in both the U.S. and UK, it's unfortunate that the sector may be seen as a prime target, experiencing a surge in attack frequency and variety,” said Ben Hutchison, associate principal consultant at Black Duck.

“It's also noteworthy that a diverse range of attack techniques have been used in recent compromises, suggesting the possibility of additional actors being involved. However, it could also mean that some targets were simply more susceptible to different methods in the attackers' toolkit.”

The attacks on Cartier, North Face and MainStreet Bank are not isolated, said Nic Adams, co-founder and CEO or 0rcus. Adams said such incidents map directly to a broader trend in 2025: criminal franchises, credential-stuffing syndicates, third-party exploit brokers, opportunistic affiliate groups are systematically targeting retail and consumer financial infrastructure.

“All share common tools, automated credential replay, supply chain pivots, and API targeting, driven by overlapped threat intel sources and monetization playbooks,” said Adams. “No major crew has taken public responsibility for these recent breaches. Thus, it indicates: commoditized attack frameworks, profit-motivated automation, affiliate ecosystems built on anonymity, and false-flag attribution for plausible deniability.”

Agnidipta Sarkar, chief evangelist at ColorTokens, added that the leading luxury brands under attack store the personal data of ultra-high-net-worth individuals (UHNI) — ideal for phishing, blackmail or identity theft.

“They also have sensitive internal documents, such as design blueprints, financials, and supply chain details that attackers can sell to competitors or counterfeiters,” said Sarkar.

James Maude, Field CTO at BeyondTrust, said these attacks are yet another reminder that no brand is too big or too luxurious to get breached. Maude said the retailers themselves are not always the ultimate target and these may well represent supply chain attacks on high-net-worth individuals.

“The very nature of their client base makes them a valuable target for reconnaissance and information harvesting, which may be used in further highly targeted and sophisticated social-engineering attacks,” said Maude. “In turn, the luxury retailers are often smaller operations focused on brand and quality rather than IT so may be more similar to much smaller organizations in terms of their security maturity.”