The news: A wave of cyberattacks is sweeping through the retail industry, with Cartier and North Face the latest to report breaches. Both companies recently notified customers that their names and email addresses had been stolen, although financial information remained secure.

The landscape: The disclosures cap several months of chaos for retailers, who are increasingly finding themselves the target of choice for hackers looking to gain access to customer information.

• Last week, Victoria’s Secret was forced to shut down its ecommerce operations and corporate systems for three days following a data breach. While the company said the disruption did not materially impact sales, it led to expenses that could affect future financial results.
• Adidas disclosed a cyberattack late last month that gave criminals access to some customer data, but not passwords, credit card numbers, or other payment-related information.
• Marks & Spencer doesn’t expect its ecommerce business to be fully back online until July—over two months after hackers gained access to its systems in a hugely damaging cyberattack that is set to wipe out £300 million ($383.3 million) in profits.

Our take: The surge in cyber incidents is coming at the worst possible time for retailers, who are already dealing with extreme upheaval in their supply chains and looking for any opportunity to cut costs. But M&S’ cautionary tale should be a wake-up call for companies to assess—and possibly upgrade—their cybersecurity measures, and make sure that all employees have robust training to prevent criminals from slipping through the cracks.