Fashion Retailer Hit by Credential Stuffing Technique

  • The North Face suffers a cyber attack
  • Personal information stolen in the attack
  • Credential stuffing technique used by hackers
  • Shipping addresses, purchase history, email addresses, names, phone numbers, and dates of birth compromised
  • Financial information remains secure
  • Shoppers advised to change passwords
  • M&S and Co-op also targeted recently

The North Face has become the latest fashion retailer to fall victim to a cyber attack, with personal information stolen during a ‘small scale’ incident in April. The outdoor clothing specialist discovered unusual activity on its website on 23rd April and immediately investigated. Hackers used credential stuffing, attempting to access user accounts by using usernames and passwords from another data breach. Stolen information includes shipping addresses, purchase history, email addresses, names, phone numbers, and dates of birth but financial details remain secure. Affected customers have been advised to change their passwords. This follows similar attacks on retailers like M&S and Co-op. Last month, M&S’s tech provider TCS launched an investigation into a potential gateway for the cyber attack.

Factuality Level: 8
Factuality Justification: The article provides accurate information about The North Face’s cyber attack, the type of hack used (credential stuffing), the types of data stolen, and the response for affected customers. It also mentions similar attacks on other retailers like M&S and Co-op. However, there is a brief unrelated sentence at the end mentioning Currys upgrading its store estate which seems irrelevant to the main topic.
Noise Level: 3
Noise Justification: The article provides relevant information about a cyber attack on The North Face and the type of hack used (credential stuffing), as well as mentioning other recent attacks on retailers like M&S and Co-op. However, it lacks in-depth analysis or actionable insights, and includes an unrelated sentence about Currys upgrading its store estate.
Financial Relevance: Yes
Financial Markets Impacted: No
Financial Rating Justification: The article mentions a cyber attack on The North Face, which is a fashion retailer. Although it did not affect financial information, the incident could potentially impact consumer trust and sales for the company. It also refers to another recent cyber attack on M&S that had a financial impact with a £300m hit on its profits.
Presence Of Extreme Event: Yes
Nature Of Extreme Event: Technological Disruption
Impact Rating Of The Extreme Event: Minor
Extreme Rating Justification: The impact is rated as Minor because the cyber attack affected personal information, but did not include financial data and was described as a ’small scale’ incident. It also did not result in significant damage or consequences beyond requiring customers to change their passwords.

Reported publicly: www.retailgazette.co.uk