- Diamond firm Cartier notifies customers of a data breach
- Names, emails, and countries of origin were exposed
- Fortunately, passwords and payment data remain secure
French luxury brand Cartier has warned customers some of their sensitive personal information was stolen in a recent data breach.
In a data breach notification letter sent out to affected customers (which is also now circulating on social media), Cartier said an unauthorized third party gained temporary access to its systems, and exfiltrated customer data.
“Based on the investigation, we determined that this incident may have affected some of your information, specifically your name, email address, and country,” the notification further reads. “The affected information did not include any passwords, credit card details, or other banking information.”
Targeting the fashion industry
While it’s good news that passwords and banking data were not included, names and email addresses can sometimes be enough to pull off convincing phishing attacks, through which hackers can later steal login credentials, payment information, and more.
Cartier did not say who the threat actors were, or if the data grab was an isolated incident or part of a wider ransomware attack. We also don’t know how many people are affected.
The company confirmed the incident is now contained, and that it “further enhanced the protection of our systems and data” to prevent similar incidents from happening again. It did not detail what these enhancements entail.
“Given the nature of the data, we recommend that you remain alert for any unsolicited communications or any other suspicious correspondence,” the letter concluded. The police have been notified, and Cartier hired third-party security experts to further address the attack.
Cartier is the next in an expanding list of luxury and fashion brands that were recently victims of cyberattacks.
Less than a month ago, both Victoria’s Secret, and Dior confirmed suffering an attack in which names, gender information, phone numbers, email addresses, postal addresses, and purchase history were all taken.
Via BleepingComputer
Leave a comment