American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
VF Corp. is a Colorado-based apparel firm owning 13 globally recognized brands. The company employs 35,000 people and has an annual revenue of $11.6 billion.
Apart from the brands mentioned above, VF Corp. owns Dickies, Eastpak, Kipling, Napapijri, AND1, JanSport, Icebreaker, Altra Running, and SmartWool.
In a Form 8-K disclosure filed with the U.S. SEC (Securities and Exchange Commission) on Friday, VF informed shareholders of a cyberattack that occurred on December 13, 2023.
In response to the detected unauthorized access on its network, the company shut down some of its systems and brought in external experts to help contain the attack.
However, the threat actors managed to encrypt some of the company’s computers and steal personal data.
“The threat actor disrupted the company’s business operations by encrypting some IT systems, and stole data from the company, including personal data,” warned VF Corp.
It is unclear if the stolen data impacts only employees, suppliers, resellers, partners, or customers.
While the attack bears all the hallmarks of a ransomware attack, at the time of writing this, no ransomware groups have taken responsibility for the incident.
The impact of the incident on the company’s operation is significant and is expected to have a lasting effect on the business.
“The company is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail and brand e-commerce consumers and wholesale customers,” reads the SEC filing.
“As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the company’s business operations until recovery efforts are completed.”
VF Corp says its physical retail stores will operate normally worldwide. Still, customers will likely experience delays in the fulfillment of online orders or an inability to place orders on some of the said brands’ e-commerce sites.
The company is still assessing the full extent of the security breach and its potential impact on financials and operations. The timing of the incident during the Christmas shopping season no doubt exacerbates the situation.