Skip to content
Data breachContained

Leak at Cartier

In June 2025, luxury jeweller Cartier (Richemont) disclosed a data breach in which attackers accessed customer records — names, email addresses and country of residence — though no passwords, payment or banking data were exposed.

Victim
Cartier

On 3 June 2025, Cartier — the luxury jeweller and watchmaker owned by the Richemont group — notified customers that an unauthorised party had gained access to its systems and obtained a limited set of personal data. The disclosure came during a wave of cyberattacks against high-end retail and fashion brands, including Dior, Adidas and Victoria's Secret.

According to Cartier and corroborating coverage, the compromise was limited to basic contact and identity fields. The exposed data included:

  • Customer names
  • Email addresses
  • Country of residence

Cartier stressed that no passwords, payment card numbers or banking details were involved. The company said the intrusion was identified and contained, that it reinforced its security measures, and that it engaged an external cybersecurity firm and notified the relevant authorities.

Cartier directly contacted affected customers and warned them to remain alert for phishing and other unsolicited communications that could exploit the leaked information. Neither Cartier nor reporting outlets published a precise count of affected customers or identified the specific attack vector.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/
  2. securityweek.comhttps://www.securityweek.com/cartier-data-breach-jewelry-maker-warns-customers-that-personal-data-was-exposed/
  3. zataz.comhttps://www.zataz.com/cartier-victime-dune-cyberattaque-les-donnees-clients-ciblees/
  4. securityaffairs.comhttps://securityaffairs.com/178601/data-breach/cartier-disclosed-a-data-breach-following-a-cyber-attack.html

Related incidents

Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik