Retail Under Fire⁉️

Originally published by South-End Tech Limited
Written by Patrick Meki, Cybersecurity & IT Risk Analyst at South-End Tech Limited.

The original version can be accessed here

Introduction

This past week has once again proven that not even the biggest and most trusted brands are immune to cyberattacks. Retail and luxury giants like Victoria’s Secret, Cartier, and The North Face reported major cyber incidents affecting their operations and customer data. These incidents not only raise red flags for global corporations but also offer critical lessons for businesses of all sizes, especially in regions like Kenya where the retail sector is expanding rapidly.

What Happened?

- On May 24, 2025, Victoria’s Secret reported a cyber incident involving unauthorized access to its IT systems. The company had to shut down its website and internal systems temporarily, delaying its quarterly earnings report.
👉Read the article on Reuters
- Cartier confirmed that a cyberattack had compromised customer data including names, email addresses, and country information. Financial data was reportedly untouched, but the breach was still significant.
👉Read the article on Reuters
- The North Face reported similar exposure in what appears to be part of a coordinated campaign targeting consumer-focused brands.
👉Read the article on THE TIMES

What These Attacks Tell Us

These incidents are a wake-up call about the cyber risks facing the retail sector. Here’s what stands out:
1. Retail is a high-value target
- Brands like Victoria’s Secret and Cartier hold vast amounts of customer data, from PII to purchase history and sometimes even payment information. This makes them prime targets.
2. The business disruption is real
- Victoria’s Secret had to delay its financial reporting which is a big deal for shareholders and investors.
- The reputational damage to luxury brands like Cartier is significant and long-lasting.
3. Attack methods are evolving
- While details are still emerging, these breaches likely involved credential theft, phishing, or third-party supply chain vulnerabilities.
- Retailers often use multiple third-party services like logistics, marketing, CRM just to mention a few any of which can be an entry point for attackers.

Key Lessons for Businesses in Kenya and Beyond

1. Cyber resilience is not optional
- Business continuity depends on the ability to detect, respond to, and recover from cyber incidents without going offline or losing data.
2. Incident response should be tested, not just written
- These incidents prove that even large organizations can be caught off guard. Your Incident Response plan should include table-top exercises and actual breach simulations.
3. Protect customer data at all costs
- Encrypt customer data both in transit and at rest.
- Limit access using strong IAM policies and multi-factor authentication.
4. Don't overlook the supply chain
- If a partner or vendor has weak security, you inherit their risk. Vet all third-party service providers.
5. Train your people
- Human error remains the number one entry point. Regular, role-based training can drastically reduce your attack surface.

Conclusion

Trust is what makes luxury brands valuable and cybersecurity is what protects that trust. As the recent incidents involving Victoria’s Secret, Cartier, and The North Face show, no organization is too big or too stylish to be hacked. Whether you're a local fashion retailer in Nairobi or an international e-commerce firm, the playbook is the same: prepare, protect, and respond.