North Face runs into trouble as hackers strike again

The North Face, the fashion retailer which prides itself on its rugged outdoor wear, has been forced to admit its cyber defences are not quite so robust after warning customers that personal data has been stolen during a cyber-attack in April.

The company, which joins a hack attack hitlist that includes Marks & Spencer, the Co-op, Harrods, Adidas, Victoria’s Secret and Cartier, said the stolen information could include shipping addresses, purchase history, email addresses, names, phone numbers, and dates of birth.

However, it has insisted that financial information has not been accessed.

North Face informed customers that it had found “unusual activity” on its website on 23 April 23 – at a similar time to the M&S breach.

But while M&S informed customers almost immediately, North Face has only just released details, although it claims it was a “small scale” attack.

The retailer has told customers that the hackers used a technique known as “credential stuffing”, where they attempt to access online accounts by using usernames and passwords stolen from another data breach.

Shoppers affected by the attack have been urged to change their passwords.

James Hadley, founder and chief innovation officer at cyber security specialist Immersive, said the spate of attacks show a “harsh reality is dawning” for the retail sector, which has long been a prime target for threat actors.

He added: “While many have security measures in place, a lack of recovery plans and inadequate incident response means retailers remain perpetually vulnerable.

“Retailers, overflowing with customer information, have become easy targets for attackers and the consequences are substantial. Attackers already knew the retail sector had weak defences; however, the recent string of breaches will have emboldened them further.”