Retail data breaches can give hackers access to customer information like bank account or payment card numbers, phone numbers, addresses, and login information. Retailers at risk can include stores with physical locations, e-commerce platforms, and service providers. When hackers infiltrate consumer data, these retail cybersecurity risks can potentially put millions of customers at risk.
Retailers around the U.S. process and complete millions of transactions a day, making them ideal targets for cybercriminals seeking to access consumer data. With hackers constantly trying to improve their skills, brick-and-mortar retailers, chains, and e-commerce sellers routinely face attempts to breach their data.
Nearly 25% of all cyberattacks are levied against retailers, and they experience more breaches than any other industry. Many retailers keep customer information on file, but not all retailers have the same level of cybersecurity protecting this data, leaving them vulnerable to hackers.
Data breaches can occur in many different companies or industries, from health care to high-end fashion retailers. Generally, regardless of the business affected, data breaches tend to have similar consequences.
Retailers experiencing data breaches have similar issues, such as:
When you’re a victim of a retail data breach, it can cause serious trouble for you. Retail data breaches can put your name, credit card, personal address, and other financial information at risk. Consequences of being a victim of a retail data breach can include:
Several well-known retailers have suffered data breaches, impacting millions of customers. Some retailers operate entirely online, and many store customer data, which makes this information vulnerable. Here are some of the most recent and notable retail data breaches.
In 2013, Target was the center of a cyberattack, exposing 70 million customers’ personal and payment information. In the data breach, 41 million payment cards were exposed. Target paid fines of over $18 million, and with other costs, the breach cost $290 million.
Home Depot paid $17.5 million to settle customer claims after a 2014 data breach exposed 52 million customers’ personal information. Malware infected Home Depot’s point of sale system, obtaining customer data.
Neiman Marcus notified 4.6 million customers in September 2021 that a hacker accessed their online accounts in May 2020. The information stolen by cyber criminals included names, passwords, addresses, and card numbers.
All customers had to change their passwords, and a call center was created for the incident.
Shein and Romwe’s parent company, Zoetop Business Company, agreed to a $1.9 million settlement in New York after failing to protect customers’ personal information. The $1.9 million is for state penalties and to improve cybersecurity measures in the future. The cyber attack occurred in 2018, and across the world, 39 million accounts were impacted.
Even the most prominent retailers, whether brick-and-mortar or online, with large teams and extensive resources, remain susceptible to data breaches and the exposure of their customers’ personal information, along with other industries.
Even now, major retail data breaches happen often globally, and to companies you would expect security from, like high-end retailers and household athletic brands, in 2025.
In August 2025, Louis Vuitton North America notified customers of its network’s June 2025 data breach. The breach affected 23,570 residents of Texas, 17,615 from Washington, and 419,000 customers in different countries, such as South Korea, Turkey, the United Kingdom, Italy, and Sweden. The leak compromised customer data such as names, contact information, addresses, dates of birth, and other personal information.
If you received notification of this data breach or are a Louis Vuitton customer, you should seek additional information about your legal rights.
In May 2025, Adidas announced that an unauthorized party obtained consumer data through a third-party provider, leaking contact information for consumers who previously contacted customer service.
No financial information or passwords were compromised during the incident, but the data breach shows how vulnerable even leading global brands are to supply chain risks and vulnerabilities. Adidas is working to inform affected customers, improve data protection, and collaborate with law enforcement.
In June 2025, Cartier informed customers that their website had been hacked, and client data had been stolen. The personal information accessed by unauthorized parties included email addresses, names, and countries, but not passwords or credit card and payment details. This breach happened around the same time as many other retailers experienced data breaches, increasing awareness of the risk to customers.
In June 2025, The North Face confirmed it suffered a data breach in April 2025, with hackers obtaining information like names, addresses, and phone numbers. No payment information was accessed, but purchase history was.
Hackers used credential stuffing software to access old login information stolen from previous breaches. If you reuse a password, this information can be used in other situations. The North Face is requiring customers to change their passwords.
Belk, a department store chain with 300 locations in the southeastern states and an online presence, announced in July that nearly 156 gigabytes of data were stolen through a ransomware attack by a hacker group, likely in May 2025. The hacker group—DragonForce—had also targeted Harrods, Victoria’s Secret, and Whole Foods.
Think you were impacted? Check your eligibility and opt in for updates.
As a consumer, there is no exact method to guarantee your data will never be breached. Over 60% of consumers say they do not feel confident about their data’s security due to inadequate cybersecurity, with 25% saying they know their information is unsafe with retailers.
While you may not be able to prevent a breach, you can protect it as much as possible. To lower your immediate risk of a retail data breach, there are some steps you can take:
After a retail data breach, you can take steps like contacting legal counsel and gathering evidence. You may be eligible for compensation through legal recourse if you were notified that your information was involved in a retail data breach.
Pursuing a class action lawsuit after a retail data breach can hold companies accountable for failing to protect consumer information. If a data breach is serious enough, a class action lawsuit may already have been filed, and you may be able to join the existing suit as a class member and claim settlement funds. You can also pursue an individual claim or serve as the lead plaintiff in a class action against negligent retailers.
Settlements through a claim provide customers with a chance for reimbursement for losses after a data breach, if their identity or financial information was stolen. Typically, legal agreements will provide victims of the breach with identity theft insurance protection or credit monitoring services.
Joining a class action lawsuit lets victims receive justice and recover compensation for harm caused by a company without upfront costs, with lawyers typically working on a contingency basis. To qualify as a class member, you must meet specific requirements and provide essential documentation to support your claim.
After major retail data breaches, you may wonder what your next steps are. Class Action U provides resources, updates, and legal insight into data breaches, helping you understand how to protect your identity, safeguard your finances, and whether you may be eligible for compensation through a class action lawsuit.
If your personal or financial information was exposed in a retail data breach, you don’t have to face the fallout alone. Stay informed, know your rights, and take action now with ClassActionU for a free, no-obligation review—we’ll help you check eligibility, gather documents, and connect with a data-breach attorney.
Contact us today for a free consultation. Don’t stand alone. Join the class.
"*" indicates required fields
©2024 ClassActionU
