Ralph Lauren probes supply‑chain hack
Reports say Ralph Lauren is investigating a suspected supply‑chain cyberattack that appears to have originated at a third‑party vendor rather than its own systems. (escudodigital.com) Coverage links the incident to a wave of third‑party compromises affecting retailers and service providers. (blog.rankiteo.com)
Ralph Lauren is investigating a suspected cyberattack that appears to have come through a third-party vendor, not the company’s own systems. (escudodigital.com) The report was published April 14, 2026, and said the scope of the incident is still unclear, including what data may have been exposed and whether users outside the United States were affected. Ralph Lauren had not publicly commented at the time of publication. (escudodigital.com) A supply-chain attack is a break-in through a company’s partners rather than its front door. In this case, the reporting points to a supplier or service provider as the suspected entry point. (escudodigital.com) That matters for retailers because they share payment processors, software vendors, logistics providers, and information-technology contractors across the same networks. Black Kite said on January 21, 2026, that 52% of the retail supply chain had exposed credentials and more than 70% of major retailers did too. (blackkite.com) The group claiming the Ralph Lauren incident is CoinbaseCartel, according to Escudo Digital and follow-on coverage published April 14, 2026. Those reports say the same group also claimed breaches involving Carter’s and Helzberg Diamonds. (escudodigital.com; rankiteo.com) Escudo Digital said CoinbaseCartel appeared in September 2025 and had claimed more than 130 victims within months across healthcare, technology, telecommunications, finance, and transportation. The article also said analysts have floated possible ties to ShinyHunters, Scattered Spider, or LAPSUS$, though the operators remain unidentified. (escudodigital.com) As of April 15, 2026, Ralph Lauren’s investor relations site did not show a new current report about a cyber incident after its February 5, 2026 filing. Public companies generally disclose a cyber incident on Form 8-K only if they determine it is material. (investor.ralphlauren.com; sec.gov; debevoisedatablog.com) Ralph Lauren is a large public retailer with more than $2 billion in cash and short-term investments, according to its May 22, 2025 annual results, so even a vendor-side incident can raise questions about customer data, operations, and disclosure thresholds. For now, the public facts are narrow: a claim, a reported third-party entry point, and an investigation still in its early stage. (corporate.ralphlauren.com; escudodigital.com)
