5 Ways Identity-based Attacks Are Breaching Retail
Jul 08, 2025
SaaS Security / Cyber Threat
From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here's how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren't sophisticated malware or zero-day exploits. They were identity-driven, exploiting overprivileged access and unmonitored service accounts, and used the human layer through tactics like social engineering. Attackers didn't need to break in. They logged in. They moved through SaaS apps unnoticed, often using real credentials and legitimate sessions. And while most retailers didn't share all the technical details, the patterns are clear and recurring. Here's a breakdown of the five recent high-profile breaches in retail: 1. Adidas: Exploiting third-party trust Adidas confirmed a data breach caused by an ...