    What to Watch: Cyber Risk Management a Top Priority Following Widespread Data Breaches in Luxury and Retail

    LONDON — Retail-related cybersecurity attacks have become a growing problem in 2025.

    In the first half alone, a slew of high-profile brands and retailers — from M&S, Co-op, Adidas and The North Face to Harrods, Louis Vuitton, Chanel and Dior — have fallen victim to cyber attacks, with customers’ data stolen and system outages disrupting daily operations.

    Julius Cerniauskas, chief executive officer of proxy solutions and web scraping tools provider Oxylabs, said cybercriminals are attracted to luxury brands and high-street names because they hold large amounts of valuable customer data.

    “Attackers are becoming more opportunistic and sophisticated, targeting brands that hold valuable customer data, not just credit card numbers. Whether it’s luxury retail or everyday consumer brands, hackers are finding weak spots and exploiting them fast,” Cerniauskas added.

    Marijus Briedis, chief technology officer at NordVPN, further explained that the exposure of customer profiles, preferences and contact information may seem non-financial, but in the wrong hands it becomes a blueprint for exploitation.

    “It’s a mistake to assume that only financial information matters in a breach. In reality, knowing what someone buys, where they live, and how they shop is just as dangerous,” said Briedis, adding that a luxury brand’s customer data is a gold mine for psychological targeting by cybercriminals.

    “Armed with purchase history and detailed personal info, attackers can create phishing emails that look like they came straight from Dior’s marketing department. That level of realism makes scams nearly indistinguishable from the real thing,” Briedis continued.

    For example, Dior’s Instagram account was hacked in February. Hackers posted a story promoting a fake cryptocurrency called “Dior Official Coin,” which included an external link for token access. While many followers recognized the scam early on, some were deceived and suffered financial loss.

    Chinese shoppers walk past a Dior store in Chengdu.
    Getty Images

    In a recent interview with WWD, Franck Le Moal, group IT and technology director at LVMH Moët Hennessy Louis Vuitton, said the luxury conglomerate was battling a sharp increase in cybercrime, and in response, it is bolstering investment in cybersecurity in partnership with Google Cloud.

    “But it’s a game of cops and robbers, and it’s an ongoing battle,” he said. “Unfortunately, despite our best efforts, all you need is the occasional tiny flaw in the system to benefit this increasingly large-scale cybercrime industry. This is a challenge for all businesses, including luxury.”

    A report from KnowBe4 in March added that there has been a 56 percent spike in retail cyberattacks driven by phishing and AI.

    “This puts retail in the top five industries targeted by cybercriminals,” the report said. It noted that the average cost of a single retail data breach “reached $3.48 million in 2024,” representing an 18 percent increase from 2023.

    According to Michael Tigges, senior security operations analyst at cybersecurity provider Huntress, while no organization can ever be assured of being compromise-free, there are immediate, high-impact steps a company can take to shore up its defenses and make compromise significantly less likely.

    He suggested that retailers should first take inventory of what data they have, where it exists and what it does in the digital space. Then they can look into the organization's legal obligations, such as those covering the handling and processing of payment data and the handling of personally identifiable information.

    Tigges added that retailers need to be practical with this risk evaluation and have a plan in place to contain the risk.

    That includes drafting incident response procedures, ensuring managed detection and response services work within the incident response plan, and exercising the plan regularly with tabletop exercises and real-world scenarios.

    “At some point, something of security significance will happen to every organization. The difference between a security event and a security incident is often early detection and response,” said Tigges, adding that many third-party solutions can help with strengthening cybersecurity by encrypting data at rest and tokenizing payment information.

    Data breaches have been around for years. The largest were the Yahoo data breaches in 2013 and 2014, involving more than 3 billion user accounts. In 2013, mass retailer Target Corp. suffered a breach that compromised 40 million credit and debit card records — and 70 million customer records — when hackers gained access to the point-of-sale systems of one of its vendors during the holiday season.

    A cyberattack in 2023 involving personally identifiable information of customers impacted 35 million customers of apparel giant VF Corp. That same year, 10 million JD Sports customers had their information stolen, which included the last four digits of their credit cards that were used for payment.

     
