Luxury fashion brand Cartier has disclosed a data breach that compromised customer information.

According to Bleeping Computer, a notification letter sent to affected individuals and later shared on social media revealed that hackers were able to breach systems and obtain limited personal data.

Cartier confirmed that it quickly contained the incident and has since strengthened the security of its systems to prevent future breaches.

The data obtained in the breach includes customers’ names, email addresses, and the countries in which they reside. While Cartier emphasised that no highly sensitive information - such as passwords, credit card numbers, or banking details - was affected.

Specific Details

While the company has not disclosed specific details about when the breach occurred or how many customers were impacted, BleepingComputer has reached out for additional information but has yet to receive a response.

Mike Britton, CIO at Abnormal AI said that even if financial or password data isn’t exposed, breaches like the one at Cartier still carry significant risk. “Customer information remains a valuable asset for attackers to craft convincing phishing emails and impersonation attempts designed to deceive customers,” he said.

“The exposure of these details heightens the risk of social engineering, regardless of whether the organisation’s email systems were directly compromised. That’s why maintaining strong cyber hygiene is critical. Organisations should regularly review who has access to customer data and train staff to identify and respond to suspicious activity.

“We must recognise that these threats don’t end with the initial breach. Attackers often use stolen information in follow-up campaigns that may appear legitimate. These rely on tactics like a false sense of urgency or altered contact details. Sustained vigilance is vital, attackers often wait and strike later, when defences may be more relaxed.”

Robert Cottrill, technology director at ANS, said: “Whilst prevention is preferable, Cartier has reported that it contained its attack issue and has enhanced its systems. Should the worst happen, businesses need the ability to react quickly to minimise the impact on customers, no matter the type of data involved in a breach.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.