Last Updated: August 19th, 2025 | 13 min read | Categories: Breach, Cybersecurity, Ransomware

Prestigious retailers have been hit by numerous ransomware and data breach attacks over the past 18 months. This trend hints that cybercriminals may be shifting their focus from mainstream retail stores to luxury brands. But why are high-end fashion retailers being targeted now? Below, we look at the rise in these attacks, possible links between them, and their impact on the finances and reputation of luxury brands.

From High Street to Haute Couture – The Shift in Targets

Not so long ago, cybercriminals targeted more everyday retail giants, the high street names, but recent headlines suggest the target has shifted upward. In the spring of 2025, the UK saw a wave of retail cyber incidents affecting household names such as Marks & Spencer (M&S) and the Co-op Group, followed by luxury London retailer Harrods.

M&S got hit by a ransomware attack so severe it halted online clothing sales for 46 days, costing an estimated £300 million (~$400M) in profit. Co-op saw its backend systems breached, resulting in customer data leaks and even empty supermarket shelves due to restocking issues. Harrods, meanwhile, became the third British retailer hit in as many weeks, though it managed to slow the intrusion by restricting network access and bringing in security specialists.

This succession of UK attacks prompted government scrutiny and alarm. Arrests in July 2025 shed some light: British authorities detained four suspects (all under 21) believed to be behind the M&S, Co-op and Harrods attacks.

Investigators discovered loosely aligned parties possibly working together under the umbrella group DragonForce. At least one hacking group, Scattered Spider, was also implicated; it allegedly orchestrated the ransomware that crippled M&S's servers. While it is unclear whether all of these retailers were targeted by the same gang, the clustering of attacks indicated that organized cybercriminals had turned their attention to retail in a big way.

Fast forward just a few weeks, and it wasn't only British grocers or department stores under fire. By May and June of 2025, high-end fashion and jewelry brands around the globe started reporting breaches. In a single month, Victoria's Secret, Dior, Harrods, Marks & Spencer, and even Adidas all made news for cyber incidents. This marked a noticeable shift: cybercriminals were no longer just after mass-market retailers; luxury brands were now squarely in the crosshairs.

Notable Breaches in 2025 – A Timeline of Attacks

One by one, high-end fashion houses and luxury stores have reported attacks. This shows that even the most exclusive brands are not safe from cyberthreats. In the middle of 2025, Cartier, a famous jewelry store in Paris, told its customers that someone had broken into its systems without permission and stolen names, emails, and countries of residence.

Fortunately, Cartier confirmed that no payment or password information was exposed, but the incident was part of a troubling pattern sweeping the sector. That same pattern saw Victoria's Secret suffer a late-May cyberattack that shut down its website and some store services for days, prompting the company to delay earnings reports and brace for a $20 million sales hit in the next quarter.

In late July 2025, Chanel (the epitome of French luxury) confirmed a breach of a customer database hosted by a U.S. third party provider. The good news: Chanel reported that its core operations weren't affected. Still, customer data was accessed, and Chanel joined what was becoming a long list of fashion victims that year, including Harrods, Adidas, Dior, M&S, Co-op, The North Face, and Cartier.

Around the same time, Danish jeweler Pandora alerted clients that cybercriminals stole data limited to names and email addresses (no passwords or card numbers). In June, outerwear retailer The North Face (owned by VF Corp) revealed a small scale breach via credential stuffing. Attackers reused credentials from other leaks to hijack customer accounts, again exposing names and emails but no financial details.

The luxury empire LVMH was hit particularly hard. Between May and July 2025, LVMH brands suffered a trilogy of breaches: Christian Dior Couture had a data leak (reported in May but traced back to a January compromise), followed by Louis Vuitton's South Korea unit in early June, and then Louis Vuitton's UK operations in early July.

On July 2, 2025, the company (Louis Vuitton) confirmed a global cyberattack that exfiltrated personal data of customers in countries including the UK, Italy, Turkey, Sweden, and South Korea. LV had notified regulators and emphasized that no financial information was leaked. Notably, analysts linked this breach to ShinyHunters, a notorious data theft group.

ShinyHunters were and still are known for stealing customer information. In the past, they targeted companies like Adidas as well as big names like AT&T and Neiman Marcus. With Louis Vuitton, just like in their other attacks, they didn't ask for ransom money. Instead, their goal seemed to be the theft of customer data to sell or leak.  

Why Prestigious Retailers Are Prime Cyber Targets


Why have cybercriminals turned their attention to prestigious retailers? These brands are usually appealing targets for a number of reasons:

Affluent Client Data

Luxury retailers provide privacy and exclusivity to their high-net-worth customers. This means that any stolen client list is an instant goldmine of wealthy prospects. Criminals value this data because it can be used to commit fraud or to extort money from victims. A recent incident at Dior was revealed via a text message to Dior clients in China. The messages revealed that sensitive data including names, gender, contact details, shopping preferences, and purchase history had been compromised. Some luxury brands, including Dior in China, operate high-end personalization strategies, something that has backfired for Dior as a result of the breach. Many China-based customers of the brand expressed frustration on social media platforms, questioning whether Dior has done enough for data protection, with some reporting a spike in spam messages, raising suspicions of further misuse. Preliminary data shows that Dior and Tiffany suffered a 5-7% drop in their sales.

Deep Pockets & Damage

Prestigious retailers make money by maintaining their image, and they'll do anything to protect it. This makes them a tempting target for extortion. Luxury fashion companies are more likely to be able to afford higher ransom demands and have more to lose from bad publicity compared to more generic retailers. Criminals understand this. In the luxury world, a brand's reputation is everything. If they lose their customers' trust, they risk losing it all. This pressure can push luxury brands to pay ransoms or cover up incidents, which is exactly what attackers aim for.

High Cost of Downtime

Retail (and luxury retail in particular) has very little margin for disruption. Any downtime, be it an online store outage or halted warehouse operations, racks up losses quickly. Cybercriminals understand that operational paralysis equates to leverage. For example, Marks & Spencer's 46-day outage left it with millions in lost sales per day during a peak season.

Prestige & Publicity

Lastly, hitting a prestigious retailer guarantees headlines. Some groups seek notoriety or political impact. While most recent luxury breaches appear financially motivated, the possibility of hacktivism or state actors can't be ignored. A group with an anti-capitalist agenda might target luxury firms as symbols of wealth. UK investigators mentioned that the loosely affiliated cybercriminals in the M&S case took inspiration from an outfit named DragonForce, which has known hacktivist leanings. Even if profit-driven, attackers know that breaching big-name brands like Louis Vuitton or Chanel yields big media attention, boosting the perceived skill of the group on cybercrime networks and forums.

Coordinated Campaign or Crimewave Coincidence?

The evidence so far suggests that multiple threat actors are at play, but with overlapping timing and targets.

In some cases, there are clear links: the hacks on Louis Vuitton, Dior, and Tiffany in Asia, for instance, all appear connected to the same vendor vulnerability and have been attributed to the ShinyHunters data theft group. ShinyHunters has a habit of targeting companies with valuable user databases and selling the data, and they struck multiple luxury firms in a short span of time. Meanwhile, the crippling attacks on M&S, Co-op, and potentially Victoria's Secret had the hallmarks of ransomware/extortion crews like Scattered Spider or its affiliates.

2025 saw an overall surge of attacks on retail, which could indicate a wider campaign. The first quarter of 2025 experienced a 45% increase in cyberattacks compared to the previous year, with retail one of the hardest hit sectors. It's possible that once cybercriminals saw retailers paying ransoms or reeling from disruptions, others piled on (a feeding frenzy effect).

Others described it as a highly tuned targeting of high value entities, meaning multiple groups independently zeroed in on luxury retail because it was simply ripe for attack at this moment. The attacks might not all emanate from one mastermind, but they rhymed in method and timing.

High Value Brands, High Stakes Consequences

These cyberattacks are not just an issue for a company's IT team; they damage the reputation of luxury brands and weaken customer trust. The impact is both immediate and long-lasting.  

Operational Disruption

When a retailer's systems stop working, it directly impacts sales. This was clearly shown when M&S experienced a long outage, costing the company hundreds of millions in lost revenue. Even shorter outages can be very costly. Victoria's Secret being offline for just a few days will likely lead to $20 million less in second-quarter sales. In luxury retail, where sales often depend on seasonal launches or tourism trends, a cyberattack can ruin an entire quarter's performance. On top of losing sales, brands also face expensive recovery costs, such as investigating the issue and fixing their systems.

Consumer Trust Erosion

The appeal of luxury brands relies on trust and a sense of exclusivity. A data breach can harm that trust in a large way, even if it's hard to measure exactly how much. When personal details or shopping habits are exposed, customers might worry about identity theft or losing their privacy. This could lead some to stop shopping with the brand. Even loyal VIP customers might decide to shop elsewhere if they feel their privacy isn't protected.

Regulatory Repercussions

Luxury stores that manage wealthy customers' personal data are under close watch from regulators when a data breach happens. Authorities are especially strict with companies that take too long to report a breach or fail to protect data properly. For example, South Korea fined Dior (though the fine was small) because they reported a breach too late. Dior found the problem in May, even though the breach had happened months earlier. Strict laws like GDPR can lead to fines as high as 4% of a company's global revenue for serious data protection failures.

Market and Investor Impact

Cyberattacks can also harm a company's market value, which luxury brands are eager to protect. If news breaks about a data breach at a well-known brand, it can scare investors and cause stock prices to drop. For example, after a breach was announced, Dior's parent company saw its shares fall by about 3.2%. While that might not seem like much, for a giant company like LVMH, it means losing billions in market value.

Secure your luxury brand's data and reputation with BlackFog's ADX technology, preventing data exfiltration and ransomware attacks across all endpoints.
