The renowned parent company of iconic fashion brands such as Vans, Supreme, and The North Face, has acknowledged falling victim to the VF Corp cyberattack, resulting in a compromise of personal data belonging to approximately 35.5 million customers.
The VF Corp cyber incident, which transpired in December, has raised concerns about the security of consumer information for the fashion giant.
In a regulatory filing, VF Corp disclosed that hackers orchestrated the breach, but the nature of the pilfered personal data remains unspecified. Notably, the company clarified that its direct-to-consumer practices exclude the collection or retention of sensitive information like social security numbers, bank details, or payment card information.
As the investigation unfolds, VF Corp reassured that no evidence has surfaced, thus far, indicating the acquisition of consumer passwords by the threat actors.
VF Corp Cyberattack Claimed by BlackCat Ransomware
The cybercriminals, identified as the ransomware group ALPHV (also known as BlackCat ransomware), claimed responsibility for the VF Corp cyberattack.
Their tactics involved disrupting VF Corp’s operations by encrypting certain IT systems, leading to a temporary halt in some product orders and other disruptions. Despite the challenges posed by the cyber incident, VF Corp has made significant progress in restoring the impacted IT systems and data, minimizing the operational setbacks.
The company emphasized its commitment to addressing the aftermath of the cyber incident and stated, “While the investigation remains ongoing, VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor.” This proactive approach aligns with VF Corp’s dedication to transparency and accountability in managing the fallout from the cyber incident.
Detection and Mitigation
On December 13, 2023, VF Corp detected unauthorized activities on a segment of its information technology (IT) systems. Promptly responding to the situation, the company has been collaborating with federal law enforcement agencies and relevant regulatory authorities, adhering to legal obligations.
This cooperation reflects VF Corp’s responsibility in mitigating the impact of the cyber incident and ensuring the security and privacy of its customers.
As the fashion industry grapples with the increasing frequency of cyberattacks, the VF Corp cyberattack reminds fashion giants of the importance of better cybersecurity measures.
The company’s proactive response and ongoing cooperation with authorities exemplify a commitment to safeguarding customer trust in the face of cybersecurity challenges.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.