Article Details
Scrape Timestamp (UTC): 2024-01-19 14:37:01.019
Original Article Text
Click to Toggle View
Vans, North Face owner says ransomware breach affects 35 million people. VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. The American global apparel and footwear giant said that the affected customers' social security numbers, bank account information, or payment card information was not impacted since it doesn't store such data on its systems. "Based on VF's preliminary analysis from its ongoing investigation, VF currently estimates that the threat actor stole personal data of approximately 35.5 million individual consumers," VF Corp said in an 8-K form filed with the U.S. Securities and Exchange Commission (SEC) on Thursday. "VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor." The company disclosed the ransomware attack in a December 15 SEC filing, saying the attackers "disrupted the company's business operations by encrypting some IT systems and stole data from the company, including personal data." As a result of the attack, VF Corp was forced to shut down some of its systems to contain the breach and experienced interrupted replenishment of retail store inventory and delayed order fulfillment, which led to customers canceling orders and delays of some wholesale shipments. Since then, it has substantially restored the IT systems encrypted in the incident but continues to work through minor operational impacts. "VF believes the threat actor was ejected from VF's IT systems on December 15, 2023. As of the date of this Amendment, VF-operated retail stores, brand e-commerce sites and distribution centers are operating with minimal issues," this week's SEC filing reveals. The company has yet to inform its customers of the incident via its official website or social media accounts. It has also not yet disclosed the nature of the data impacted in the breach or whether it has affected its employees, suppliers, resellers, and partners. VF Corp is currently cooperating with both federal law enforcement and relevant regulatory authorities as it investigates the attack and the extent of its impact. VF Corp is a Colorado-based apparel firm with an annual revenue of $11.6 billion that employs 35,000 people. It also owns 13 globally recognized brands, including Vans, Timberland, The North Face, Supreme, Dickies, Eastpak, Kipling, Napapijri, AND1, JanSport, Icebreaker, Altra Running, and SmartWool.
Daily Brief Summary
VF Corporation disclosed a ransomware attack that compromised the personal information of over 35 million customers, but no sensitive financial data was breached.
The attack, which occurred in December 2023, did not result in stolen consumer passwords, according to VF Corp's ongoing investigation.
The cybersecurity incident forced VF Corp to shut down certain IT systems, disrupting retail inventory replenishment and causing delays in order fulfillment.
Although significant IT systems have been restored, VF Corp continues to manage minor operational impacts from the breach.
VF Corp claims to have removed the threat actor from its systems on December 15, 2023, and currently operates its retail stores and online platforms with minimal issues.
There has been no information from VF Corp regarding notification to affected customers or details about the specific types of personal data compromised.
VF Corp is collaborating with law enforcement and regulatory authorities to thoroughly investigate the breach and its repercussions.