Cartier has notified customers of a security breach that exposed personal data, as cyberattacks continue to hit major fashion labels.
Luxury fashion house Cartier has disclosed a data breach after hackers gained temporary access to its systems and stole customer information. Notification letters sent to affected individuals were shared on social media on June 2, confirming that personal details such as names, email addresses, and countries of residence were compromised.
Cartier stated that no sensitive financial data, such as credit card numbers or passwords, was involved in the breach. The company says it has since contained the incident and improved system protections.
While the breach appears limited in scope, Cartier has warned customers to stay alert for potential phishing attempts or other targeted scams. The stolen data, though not financial, could be used in impersonation attacks or fraudulent outreach.
Cartier has reported the breach to law enforcement and brought in a third-party cybersecurity firm to investigate and remediate the intrusion. As of now, details such as the date of the breach or the number of individuals affected have not been disclosed.
In its notification, Cartier stated, “We contained the issue and have further enhanced the protection of our systems and data.” It urged customers to remain vigilant for suspicious messages or unsolicited communications, given the nature of the compromised data.
BleepingComputer has reached out to Cartier for further comment, but the company has not responded.
Cartier has joined a growing list of fashion retailers affected by recent cyberattacks. In May, Dior reported the theft of customer contact information and purchase histories, while Adidas disclosed a breach involving a third-party vendor. Victoria’s Secret also faced a security incident that disrupted both online and in-store operations.
Luxury retailers often maintain detailed customer profiles for personalization and marketing. Even non-financial data can be valuable for phishing, social engineering, or identity-related fraud.
A third-party breach involves a cyberattack on an external vendor that provides services (such as marketing or logistics), through which hackers gain indirect access to customer data.
Look out for generic greetings, unexpected links or attachments, urgent requests, and sender addresses that don’t match official brand domains.
Best practices include isolating the breach, engaging cybersecurity experts, notifying affected individuals, reporting to relevant authorities, and reviewing systems for vulnerabilities.
In many jurisdictions, companies must notify regulators and affected customers if personal information was exposed, especially when there is a risk of harm or misuse.