By Suzanne Kapner
A string of recent cyberattacks has targeted big retailers, scooping up customer information and disrupting online sales.
North Face and Cartier in recent days told customers that their names and email addresses had been stolen. Another cyber intrusion prompted Victoria's Secret to shut down its website for three days and postpone the quarterly earnings announcement that it had planned for this week.
The disclosures by North Face, Cartier and Victoria's Secret follow a spate of attacks against U.K. retailers that appear to have been perpetrated by a group known as Scattered Spider. Members of the hacking group pretend to be employees locked out of their corporate accounts. They then persuade a corporate help desk to reset their password, a technique known as social engineering.
U.K. retailers Harrods, Marks & Spencer and Co-op all have reported cyber intrusions in recent months. Scattered Spider hasn't been publicly named as the culprit behind the hacks, but is suspected in at least some of them, The Wall Street Journal has reported.
North Face, which discovered a breach on April 23, said it was the target of a different type of attack known as credential stuffing. Hackers used account authentication credentials such as addresses, usernames and passwords that were stolen from another source to gain unauthorized access to user accounts, North Face said. Credential stuffing can occur when people use the same passwords on multiple websites.
"Based on our investigation, we believe that the attacker previously gained access to your email address and password from another source (not from us) and then used those same credentials to access your account on our website," North Face told customers in an email last week.
It is unclear what techniques were used in the Cartier and Victoria's Secret breaches.
In an email to customers, Cartier said that some client names, email addresses, countries of residence and birth dates might have been stolen. No passwords, credit card details or other banking information was affected, the company said.
Victoria's Secret shut down its corporate systems and e-commerce site on May 26. Its website was restored on May 29.
The lingerie seller Tuesday said that the incident didn't affect its financial results in the latest quarter. The company said it had to postpone its earnings announcement because the restoration processes had prevented employees from accessing information they needed to prepare the results for release.
"Companies have to sometimes break certain things to stop the attacker from getting deeper into their network," said Charles Carmakal, the chief technology officer at cybersecurity firm Mandiant, speaking generally and not about any specific retailer.
Write to Suzanne Kapner at suzanne.kapner@wsj.com
(END) Dow Jones Newswires
June 03, 2025 17:15 ET (21:15 GMT)
Copyright (c) 2025 Dow Jones & Company, Inc.