|  Updated: 

Personal information stolen from Cartier in latest cyber attack

By:

Retail Reporter

Add as a preferred source on Google
Richemont is the parent company of luxury watchmaker Cartier
Richemont is the parent company of luxury watchmaker Cartier

Luxury brand Cartier has become the latest retailer to report a data breach as cyber attacks continue to hammer the sector.

The Richemont-owned brand has warned customers that hackers have stolen a “limited” amount of personal information from its systems.

In an email sent to customers and shared on social media, the company said the affected information “did not include any password, credit card details of other banking information”.

However, basic personal information can still be used to stage phishing attacks on customers via email and phone.

“Given the nature of the data, we recommend you remain alert for any unsoliticed communications or any other suspicious correspondence,” Cartier told customers.

Retailer cyber attacks

The attack on Cartier is the latest in a string of attacks on retailers, which have included Victoria’s Secret, M&S, Harrods and the Co-op.

The hacking group Scattered Spider has claimed responsibility for a number of the attacks, including M&S and The Co-op.

The group is thought to target specific sectors for a period of time, with all retailers warned by cyber experts to expect attempts to breach their systems.

The retail sector is also particularly attractive to hackers due to the amount of customer data it holds and its relatively weak defences due to decades of under-investment and its reliance on vulnerable third-party suppliers.

“Retailers, overflowing with customer information, have become easy targets for attackers and the consequences are substantial.

“Attackers already knew the retail sector had weak defences; however, the recent string of breaches will have emboldened them further,” founder of cybersecurity firm Immersive Labs, James Hadley, said.

‘No sign’ of attacks slowing down

“The recent attacks are showing no sign of slowing down and it remains a race against time to get businesses better protected,” Jake Moore, global cybersecurity advisor at ESET, said.

“Ransom demands are often in the millions, but even when the ransom isn’t paid, the costs associated with recovery and lost revenue can be staggering.

“In some cases the clean up operation can even cost far more than the original ransom demand forcing a difficult decision at the time of attack,” Moore added.

However, Moore said a silver lining was a renewed focus on building better defences.

“Companies observing the devastating aftermath of the [attacks’ will no doubt breathe a deep sigh of relief that it wasn’t them, while at the same time strengthening their defences in preparation for inevitable future attempts,” Moore said.