From Balenciaga, Gucci and McQueen to Victoria’s Secret, Mango, Marks & Spencer, cybercriminals are targeting fashion retailers. Be it ransomware, phishing or supply chain disruption, cyberattacks have cost retailers millions while shoppers lost confidential data. How should retailers and shoppers protect themselves from cyber attacks?
Consumers are shopping online frequently with e-commerce expected to account for one third of all global fashion sales this year. The pandemic-induced acceleration of e-commerce makes fashion retail a prime target for cyber criminals as retailers handle a massive volume of customer data, payment transactions, logistics operations, and online-offline integrations.
This week, Japanese retailer MUJI just took its store offline due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. “This highlights how even trusted supply chain partners can become weak links, with one breach potentially halting operations across multiple organisations,” says Jamie Akhtar, CEO and co-founder of CyberSmart. “Both individuals and businesses should maintain secure, offline backups and use strong access controls such as multi-factor authentication. Organisations must also assess their suppliers’ cybersecurity standards, include clear response procedures in contracts, and monitor for unusual activity.”
Spanish retailer Mango recently disclosed a data breach after its marketing vendor was compromised, British retailer Marks & Spencer was hit by ransomware and Kering disclosed that cyber criminals stole the private details of millions of Balenciaga, Gucci and Alexander McQueen customers. A breach puts at risk personal data, affects consumer trust, disrupts supply chains, and causes financial loss, making it critical for retailers to tighten existing cybersecurity procedures or invest in additional technologies.
Per BoF: ‘The frequency of these attacks is only growing: In 2024, the number of individuals and groups targeting companies’ systems that cybersecurity consultancy S-RM engaged with across 600 incidents grew 96 percent year over year.’ Let’s take a look at recent breaches and how fashion retailers can strengthen their operations.
Cybersecurity Breaches At Prominent Fashion Retailers
MUJI
This week, Japanese fashion retailer MUJI took its store offline due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. Askul — the business-to-business and business-to-consumer office supplies and logistics e-commerce firm owned by Yahoo! Japan Corporation — suspended orders and shipping operations to investigate the impact, including the leakage of personal information and customer data. Product return applications, receipt mailing, catalog shipping, and collection services have been suspended, while Askul customer service desk is unreachable. Given that Askul handles MUJI’s Japan sales, the disruption only impacts that region.
Kering
French luxury conglomerate Kering, which owns fashion brands behind Gucci, Balenciaga, and Alexander McQueen, fell prey to a cyber attack. Cybercriminals operating under the “Shiny Hunters” moniker stole data linked to 7.4 million unique email addresses, including customer names, email addresses, phone numbers, addresses, and total spend at each brand. This data makes victims vulnerable to targeted scams.
Mango
Spanish fashion retailer Mango launched its e-commerce in 2000, making it one of the first fashion companies to begin e-commerce in Europe. In 2023, Mango’s online business exceeded 1 billion euros in revenue for the first time, representing 33% of total group revenue. Sadly, this made the fashion retailer a target for cyber attack. Mango recently disclosed a data breach after a marketing vendor compromise exposed customer personal information. The retailer sent data breach notifications to the impacted customers on October 14, 2025 although it pointed out that the security breach did not affect sensitive data such as banking details and login credentials.
Marks & Spencer
Marks & Spencer revealed that some personal customer data was stolen in a cyber attack, which could include contact details, date of birth and online order history. However, the stolen data did not include usable card or payment details, and it also did not include any account passwords. “Over the last few weeks, we have been managing a highly sophisticated and targeted cyber-attack, which has led to a limited period of disruption”, said M&S chief executive Stuart Machin in a company statement. “We have tackled this head on with incredible spirit, teamwork and a deep sense of responsibility as we prioritised serving our customers. It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.”
Victoria’s Secret
On May 26, Victoria’s Secret shut down its website following a ‘security incident involving its information technology systems,’ the lingerie brand said in a statement. The company immediately enacted its response protocols to attempt to contain and eradicate unauthorised network access, and third-party experts were engaged. While the site was down for four days, ‘the company’s stock dropped as much as 8 percent the day it closed its site’ per BoF. Victoria’s Secret activated its response protocols to attempt to contain and eradicate unauthorized network access, and third-party experts were engaged. The brand temporarily shut down its corporate systems and e-commerce website. The estimated costs of damage of the attack amounted to an estimated $20 Million.
Neiman Marcus
In May 2024, Neiman Marcus experienced a data breach affecting over 31 million customers, stemming from a cyberattack on the Snowflake cloud service. ‘There is NO indication that Social Security numbers and birth dates were compromised, that our Neiman Marcus cards have been used fraudulently, that any online customers were impacted, that any PINs were at risk since we do not use PIN pads in our stores’, said Karen Katz, President and CEO, Neiman Marcus Group in a letter. ‘Malicious software was clandestinely installed on our system and that it attempted to collect or “scrape” payment card data… Of the 350,000 payment cards that may have been affected by the malware in our system, Visa, MasterCard and Discover have notified us to date that approximately 9,200 of those were subsequently used fraudulently elsewhere.’
How Do Cyberattacks Happen?
Cyberattacks happen when individuals or groups exploit weaknesses in computers, networks, or human behaviour to gain unauthorised access to data or systems. In most cases, the process begins with identifying a vulnerability like outdated software, weak password or an unprotected network. Once a weakness is found, attackers use tools such as malware, phishing emails, or fake websites to trick users or penetrate defences. These methods are designed to bypass security barriers and steal, lock, or corrupt data.
Phishing is one of the most common entry points for cyberattacks. It involves sending deceptive messages that appear to be from trusted sources, encouraging people to share passwords or financial information. Once attackers obtain these details, they can use them to log into accounts, install malware, or access wider networks. Similarly, ransomware attacks lock users out of their devices or files, demanding payment to restore access — often crippling individuals or businesses that rely on digital systems.
Cyberattacks can also be automated. Hackers deploy bots that scan the internet for weak points in websites, servers, and devices. In larger attacks, such as Distributed Denial of Service (DDoS), they flood a system with excessive traffic, overwhelming its capacity and causing it to crash. The key takeaway for the everyday person is that most cyberattacks succeed not because of advanced technology, but because of simple mistakes like clicking unsafe links, ignoring software updates or using easy passwords.
Per BoF: ‘[Cyber crime] is getting worse for two reasons’, said Lance Spitzner, senior instructor at the US-based SANS Institute, a cooperative for cyber security professionals. ‘It’s becoming more and more profitable, so cyber criminals are going to follow the money… [and they] are getting much better at it, too. It’s become an entire industry now… [with] the cyber criminal community specialising in different fields.’
Cyber Attacks Affect Everyone Who Shops Online
For the average shopper, the vulnerabilities in fashion retail seem invisible but they affect everyone who shops online. The biggest risks come from the way retailers store and share customer data. When individuals create accounts, save card details, or sign up for loyalty programmes, brands collect personal information. If this data is not properly encrypted or stored in secure servers, it becomes an easy target for hackers.
Fashion Retailers Are Prime Targets
Fashion retailers are prime targets because they collect and store a lot of personal data. Customer details, payment information, purchase history, and delivery addresses are all valuable for identity theft or resale on the dark web. Once stolen, this data can be used for fraud or phishing scams. Third, fashion brands depend on manufacturers, logistics firms, and software providers. If one of these partners has weak security, it can open the door for attackers to reach the main company. Well-known brands like MUJI and Marks & Spencer have faced such risks through their suppliers.
Brands Are Launching Cutting Edge Apps But Is Security Enforced?
Fourth, the retail world is moving online fast. New apps, payment options, and virtual shopping tools are launched quickly to keep up with trends, but sometimes security steps are added later. This creates gaps that hackers exploit. Finally, phishing and ransomware attacks have become common. Employees may click malicious links, giving hackers entry into corporate systems. Once inside, attackers can steal or encrypt data, demanding payment for restoration. For example, Guess suffered a ransomware attack in 2021 that exposed customer Social Security numbers and personal data.
How Can Fashion Retailers Protect Themselves From Cyber Attacks?
Fashion retailers face growing risks from cyberattacks because of reliance on e-commerce, digital payments and third-party suppliers. To stay safe, they must ensure that all their partners and vendors meet strict security standards. This includes separating access to sensitive systems, performing regular security audits, and using multi-factor authentication for vendor portals. Network segmentation can also help — if one part of the system is compromised, the rest remains protected.
Is Security Built Into Every Part Of The Business?
Security must be built into every part of the business — from the customer checkout to the warehouse — and regular software updates and security patches for e-commerce sites, payment systems and supply chain software are essential. Effective cyber protection today will not protect against cyber criminals tomorrow as they too become sophisticated.
Response Strategy
Retailers must have an incident response strategy and backup to restore operations if ransomware or data theft occurs. Staff training plays a vital role — most breaches start with phishing or social engineering, so employees must recognise and report suspicious activity. Monitoring systems should be in place to detect unusual behaviour, such as data transfers or login attempts from strange locations. Encrypting sensitive customer and business data both when stored and while being transferred adds another layer of protection.
HOW CYBER ATTACKS AFFECT SHOPPERS
Cyber attacks impact online shoppers by compromising their personal and financial information. When attackers breach e-commerce platforms, sensitive data such as credit card details, passwords and postal addresses can be stolen, leading to identity theft and financial loss. Shoppers may also lose access to their accounts or face unauthorised purchases made in their name. Such incidents erode trust in online shopping platforms, discouraging customers from future purchases. Additionally, the stress and loss of confidence in digital security can linger long after the attack.
Jasmeen Dugal is Associate Editor at FashionABC, contributing her insights on fashion, technology, and sustainability. She brings with herself more than two decades of editorial experience, working for national newspapers and luxury magazines in India.
Jasmeen Dugal has worked with exchange4media as a senior writer contributing articles on the country’s advertising and marketing movements, and then with Condenast India as Net Editor where she helmed Vogue India’s official website in terms of design, layout and daily content. Besides this, she is also an entrepreneur running her own luxury portal, Explosivefashion, which highlights the latest in luxury fashion and hospitality.
