The North Face

The North Face, a prominent fashion brand under VF Corporation, fell victim to a small-scale cyber attack in April 2025, in which hackers employed credential stuffing, a technique that leverages stolen usernames and passwords from prior breaches to exploit reused credentials. The attackers gained unauthorized access to customer accounts, compromising personal data such as names, email addresses, shipping addresses, and purchase histories. While financial information (e.g., payment card details) remained secure, the breach exposed sensitive customer profiles, raising concerns over potential phishing or identity fraud risks. Affected users were instructed to reset passwords. This incident follows a separate 2023 cyber attack on VF Corporation’s brand Vans, highlighting recurring vulnerabilities in the group’s digital infrastructure. The UK’s National Crime Agency prioritized investigating the attack amid a broader surge in retail-targeted cybercrime, including breaches at Adidas, Victoria’s Secret, and Harrods.

Source: https://www.bbc.com/news/articles/c39x3jpv8lyo

TPRM report: https://www.rankiteo.com/company/the-north-face

"id": "the839090225",
"linkid": "the-north-face",
"type": "Cyber Attack",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Subset (Email Notifications '
                                              'Sent)',
                        'industry': 'Apparel & Accessories',
                        'location': 'Global (HQ: USA)',
                        'name': 'The North Face',
                        'type': 'Retailer (Fashion)'},
                       {'customers_affected': 'Subset (Email Notifications '
                                              'Sent)',
                        'industry': 'Luxury Goods',
                        'location': 'Global (HQ: France)',
                        'name': 'Cartier',
                        'type': 'Retailer (Luxury Jewellery)'}],
 'attack_vector': [{'entity': 'The North Face',
                    'vector': 'Credential Stuffing'},
                   {'entity': 'Cartier',
                    'vector': 'Unauthorized System Access (method '
                              'unspecified)'}],
 'customer_advisories': [{'advisory': 'Password Reset Required',
                          'entity': 'The North Face'},
                         {'advisory': 'No Action Required (Monitor '
                                      'Communications)',
                          'entity': 'Cartier'}],
 'data_breach': {'data_exfiltration': [{'entity': 'The North Face',
                                        'exfiltrated': True},
                                       {'entity': 'Cartier',
                                        'exfiltrated': True}],
                 'personally_identifiable_information': [{'entity': 'The North '
                                                                    'Face',
                                                          'pii': ['Names',
                                                                  'Email '
                                                                  'Addresses',
                                                                  'Shipping '
                                                                  'Addresses']},
                                                         {'entity': 'Cartier',
                                                          'pii': ['Names',
                                                                  'Email '
                                                                  'Addresses']}],
                 'sensitivity_of_data': 'Low (No Financial/Payment Data)',
                 'type_of_data_compromised': [{'data': ['PII (Names, Emails)',
                                                        'Shipping Addresses',
                                                        'Purchase Histories'],
                                               'entity': 'The North Face'},
                                              {'data': ['PII (Names, Emails)'],
                                               'entity': 'Cartier'}]},
 'date_detected': [{'date': '2025-04', 'entity': 'The North Face'},
                   {'entity': 'Cartier'}],
 'date_publicly_disclosed': '2025-06-03',
 'description': 'Fashion brand The North Face and luxury jeweller Cartier '
                'reported cyber attacks resulting in the theft of customer '
                "data. The North Face discovered a 'small-scale' credential "
                'stuffing attack in April 2025, exposing customer names, email '
                'addresses, shipping addresses, and purchase histories. '
                "Cartier reported an unauthorized system access where 'limited "
                "client information' (names and email addresses) was obtained. "
                'Neither breach involved financial data. Both companies have '
                'taken remediation steps, including password resets (North '
                'Face) and system protection enhancements (Cartier). The '
                'incidents are part of a recent wave of attacks on '
                "high-profile retailers like Adidas, Victoria's Secret, "
                'Harrods, M&S, and Co-op.',
 'impact': {'brand_reputation_impact': 'Potential Reputation Damage '
                                       '(High-Profile Retailers Targeted)',
            'data_compromised': [{'data': ['Customer Names',
                                           'Email Addresses',
                                           'Shipping Addresses',
                                           'Purchase Histories'],
                                  'entity': 'The North Face'},
                                 {'data': ['Customer Names', 'Email Addresses'],
                                  'entity': 'Cartier'}],
            'identity_theft_risk': [{'entity': 'The North Face',
                                     'risk': 'Low (No Financial Data; Limited '
                                             'PII)'},
                                    {'entity': 'Cartier',
                                     'risk': 'Low (No Financial Data; Limited '
                                             'PII)'}],
            'operational_impact': [{'entity': 'The North Face',
                                    'impact': 'Password Reset Required for '
                                              'Affected Users'},
                                   {'entity': 'Cartier',
                                    'impact': 'System Containment and '
                                              'Protection Enhancements'}],
            'payment_information_risk': [{'entity': 'The North Face',
                                          'risk': 'None'},
                                         {'entity': 'Cartier',
                                          'risk': 'None'}]},
 'initial_access_broker': {'entry_point': [{'entity': 'The North Face',
                                            'entry': 'Reused Credentials '
                                                     '(Credential Stuffing)'},
                                           {'entity': 'Cartier',
                                            'entry': None}]},
 'investigation_status': 'Ongoing (UK National Crime Agency Prioritizing)',
 'post_incident_analysis': {'root_causes': [{'causes': ['Credential Reuse by '
                                                        'Customers',
                                                        'Lack of MFA '
                                                        '(Inferred)'],
                                             'entity': 'The North Face'},
                                            {'causes': ['Unauthorized System '
                                                        'Access (Method '
                                                        'Unspecified)'],
                                             'entity': 'Cartier'}]},
 'recommendations': ['Avoid Password Reuse Across Platforms (Mitigate '
                     'Credential Stuffing)',
                     'Implement Multi-Factor Authentication (MFA)',
                     'Enhance Monitoring for Unauthorized Access'],
 'references': [{'date_accessed': '2025-06-03', 'source': 'BBC News'}],
 'regulatory_compliance': {'regulatory_notifications': [{'entity': 'Cartier',
                                                         'notified': True}]},
 'response': {'communication_strategy': [{'entity': 'The North Face',
                                          'strategy': 'Email Notifications to '
                                                      'Affected Customers'},
                                         {'entity': 'Cartier',
                                          'strategy': 'Email Notifications to '
                                                      'Affected Customers'}],
              'containment_measures': [{'entity': 'Cartier',
                                        'measures': 'Issue Contained'}],
              'enhanced_monitoring': [{'entity': 'Cartier',
                                       'monitoring': True}],
              'incident_response_plan_activated': [{'activated': True,
                                                    'entity': 'The North Face'},
                                                   {'activated': True,
                                                    'entity': 'Cartier'}],
              'law_enforcement_notified': [{'entity': 'Cartier',
                                            'notified': True},
                                           {'entity': 'The North Face',
                                            'notified': None}],
              'remediation_measures': [{'entity': 'The North Face',
                                        'measures': ['Password Reset for '
                                                     'Affected Users']},
                                       {'entity': 'Cartier',
                                        'measures': ['Enhanced System/Data '
                                                     'Protection']}]},
 'title': 'Customer Data Theft at The North Face and Cartier',
 'type': ['Data Breach', 'Unauthorized Access'],
 'vulnerability_exploited': [{'entity': 'The North Face',
                              'vulnerability': 'Reused Credentials (from prior '
                                               'breaches)'},
                             {'entity': 'Cartier'}]}