Ralph Lauren Investigates Potential Supply Chain Cyberattack Linked to Extortion Group
Ralph Lauren is reportedly investigating a suspected cyberattack that may have compromised its supply chain through a third-party vendor. The incident, which did not directly target the company’s own systems, highlights a growing trend of threat actors exploiting weaker security in partner networks to gain access to larger organizations.
No details have been released about the scope of the breach, including what data may have been exposed or whether the impact extends beyond U.S. users. Ralph Lauren has not publicly confirmed the unauthorized access.
The attack has been claimed by CoinbaseCartel, a cybercriminal group operating on the dark web. The same group also asserts responsibility for breaches at other U.S. companies, including children’s retailer Carter’s and jewelry chain Helzberg Diamonds.
Emerging in September 2024, CoinbaseCartel has rapidly become one of the most active extortion gangs, with over 130 claimed victims across sectors such as healthcare, technology, telecommunications, finance, and transportation. Its targets have included major corporations like SK Telecom (South Korea), Plug Power (U.S.), NTT Data (Japan), and CEVA Logistics (Switzerland).
While the group’s origins remain unclear, some cybersecurity analysts suggest potential ties to established threat actors like ShinyHunters, Scattered Spider, or LAPSUS$, possibly operating as affiliates. Despite its name, CoinbaseCartel has no connection to the cryptocurrency exchange Coinbase. The full extent of the Ralph Lauren incident and its broader implications remains under investigation.
Source: https://www.escudodigital.com/en/cybersecurity/ralph-lauren-hit-by-supply-chain-attack.html
NTT cybersecurity rating report: https://www.rankiteo.com/company/ntt
Plug and Play Supply Chain & Logistics cybersecurity rating report: https://www.rankiteo.com/company/plugandplay-supply-chain
Ralph Lauren cybersecurity rating report: https://www.rankiteo.com/company/ralph-lauren
Carters Inc. cybersecurity rating report: https://www.rankiteo.com/company/carter's-oshkosh-bgosh
Helzberg Diamonds cybersecurity rating report: https://www.rankiteo.com/company/helzberg-diamonds
"id": "NTTPLURALCARHEL1776148133",
"linkid": "ntt, plugandplay-supply-chain, ralph-lauren, carter's-oshkosh-bgosh, helzberg-diamonds",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Retail (Apparel)',
'location': 'U.S.',
'name': 'Ralph Lauren',
'type': 'Company'},
{'industry': 'Retail (Children’s Apparel)',
'location': 'U.S.',
'name': 'Carter’s',
'type': 'Company'},
{'industry': 'Retail (Jewelry)',
'location': 'U.S.',
'name': 'Helzberg Diamonds',
'type': 'Company'},
{'industry': 'Telecommunications',
'location': 'South Korea',
'name': 'SK Telecom',
'type': 'Company'},
{'industry': 'Technology (Energy)',
'location': 'U.S.',
'name': 'Plug Power',
'type': 'Company'},
{'industry': 'Technology (IT Services)',
'location': 'Japan',
'name': 'NTT Data',
'type': 'Company'},
{'industry': 'Logistics',
'location': 'Switzerland',
'name': 'CEVA Logistics',
'type': 'Company'}],
'attack_vector': 'Third-party vendor compromise',
'description': 'Ralph Lauren is investigating a suspected cyberattack that '
'may have compromised its supply chain through a third-party '
'vendor. The incident highlights a growing trend of threat '
'actors exploiting weaker security in partner networks to gain '
'access to larger organizations. The attack has been claimed '
'by CoinbaseCartel, a cybercriminal group operating on the '
'dark web.',
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'investigation_status': 'Under Investigation',
'motivation': 'Extortion',
'references': [{'source': 'Cybersecurity Report'}],
'threat_actor': 'CoinbaseCartel',
'title': 'Ralph Lauren Investigates Potential Supply Chain Cyberattack Linked '
'to Extortion Group',
'type': 'Supply Chain Cyberattack'}