Cyber Incident Victim: Cartier
Date:
Jun 2025
Location:
France
Summary
Cartier disclosed a data breach after unauthorized parties gained temporary access to its systems and obtained limited customer information including names, email addresses, and countries of residence. The company stated that no passwords, credit card numbers, or banking details were compromised, contained the breach, enhanced system protections, notified law enforcement, and engaged an external cybersecurity firm to assist with remediation while noting that similar incidents have affected other fashion brands such as Dior, Adidas, and Victoria's Secret.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Cartier disclosed on June 2, 2025 that an unauthorized party had gained temporary access to its systems and obtained limited client information, as stated in the notification letters sent to affected customers. The company explained that the breach was contained and that it had further enhanced the protection of its systems and data following the incident. Cartier confirmed that the compromised data included customers’ names, email addresses, and the countries where they reside, while emphasizing that no passwords, credit card numbers, or banking details were accessed. The firm notified law enforcement about the breach and engaged an external cybersecurity company to assist with remediation and investigation. Cartier advised recipients to remain vigilant against unsolicited or suspicious communications that could exploit the exposed information.
The notification did not specify the exact date of the breach or the total number of individuals impacted, as Cartier had not responded to follow‑up inquiries from BleepingComputer at the time of reporting. The company warned that, despite the limited nature of the data, the stolen details could be used in targeted attacks such as phishing or social engineering attempts. Cartier’s statement noted that it had taken steps to improve system security and was cooperating with authorities to address the incident. The disclosure placed Cartier among a series of fashion‑sector security events reported over the preceding month.
In May 2025, Dior disclosed a breach after threat actors accessed its systems and stole customer contact details, purchase histories, and preferences. Also in May, Adidas warned customers about a data breach stemming from a compromise at a third‑party service provider, with attackers obtaining contact information but no payment data or account credentials. The previous week, Victoria’s Secret took down its website and certain store services due to an ongoing security incident and launched an investigation with cybersecurity experts. These incidents, like Cartier’s, involved notification to law enforcement and collaboration with external security firms to contain and remediate the breaches.