Vans, North Face owner says ransomware breach affects 35 million people

 


VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack.

The American global apparel and footwear giant said that the affected customers' social security numbers, bank account information, or payment card information was not impacted since it doesn't store such data on its systems.

"Based on VF's preliminary analysis from its ongoing investigation, VF currently estimates that the threat actor stole personal data of approximately 35.5 million individual consumers," VF Corp said in an 8-K form filed with the U.S. Securities and Exchange Commission (SEC) on Thursday.

"VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor."

The company disclosed the ransomware attack in a December 15 SEC filing, saying the attackers "disrupted the company's business operations by encrypting some IT systems and stole data from the company, including personal data."

As a result of the attack, VF Corp was forced to shut down some of its systems to contain the breach and experienced interrupted replenishment of retail store inventory and delayed order fulfillment, which led to customers canceling orders and delays of some wholesale shipments.

Since then, it has substantially restored the IT systems encrypted in the incident but continues to work through minor operational impacts.

"VF believes the threat actor was ejected from VF's IT systems on December 15, 2023. As of the date of this Amendment, VF-operated retail stores, brand e-commerce sites and distribution centers are operating with minimal issues," this week's SEC filing reveals.

The company has yet to inform its customers of the incident via its official website or social media accounts. It has also not yet disclosed the nature of the data impacted in the breach or whether it has affected its employees, suppliers, resellers, and partners.

VF Corp is currently cooperating with both federal law enforcement and relevant regulatory authorities as it investigates the attack and the extent of its impact.

VF Corp is a Colorado-based apparel firm with an annual revenue of $11.6 billion that employs 35,000 people. It also owns 13 globally recognized brands, including Vans, Timberland, The North Face, Supreme, Dickies, Eastpak, Kipling, Napapijri, AND1, JanSport, Icebreaker, Altra Running, and SmartWool.


Reference: https://www.bleepingcomputer.com/news/security/vans-north-face-owner-says-ransomware-breach-affects-35-million-people/ 


AH 

Comments

Popular posts from this blog

CISA and ENISA enhance their Cooperation

Top Five Most Exploited Vulnerabilities in January 2024

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes