Leak at Cartier
In June 2025, luxury jeweller Cartier (Richemont) disclosed a data breach in which attackers accessed customer records — names, email addresses and country of residence — though no passwords, payment or banking data were exposed.
- Victim
- Cartier
On 3 June 2025, Cartier — the luxury jeweller and watchmaker owned by the Richemont group — notified customers that an unauthorised party had gained access to its systems and obtained a limited set of personal data. The disclosure came during a wave of cyberattacks against high-end retail and fashion brands, including Dior, Adidas and Victoria's Secret.
According to Cartier and corroborating coverage, the compromise was limited to basic contact and identity fields. The exposed data included:
- Customer names
- Email addresses
- Country of residence
Cartier stressed that no passwords, payment card numbers or banking details were involved. The company said the intrusion was identified and contained, that it reinforced its security measures, and that it engaged an external cybersecurity firm and notified the relevant authorities.
Cartier directly contacted affected customers and warned them to remain alert for phishing and other unsolicited communications that could exploit the leaked information. Neither Cartier nor reporting outlets published a precise count of affected customers or identified the specific attack vector.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/
- securityweek.comhttps://www.securityweek.com/cartier-data-breach-jewelry-maker-warns-customers-that-personal-data-was-exposed/
- zataz.comhttps://www.zataz.com/cartier-victime-dune-cyberattaque-les-donnees-clients-ciblees/
- securityaffairs.comhttps://securityaffairs.com/178601/data-breach/cartier-disclosed-a-data-breach-following-a-cyber-attack.html