VF Corporation, the esteemed apparel brand owner behind Vans, Supreme, and The North Face, faces a major setback following a cyberattack. This breach has severely impacted the company’s ability to meet Christmas orders, a crucial event in the retail calendar.
In a regulatory statement released on Monday, the company stated that it had “detected unauthorized occurrences” on its IT systems and stated that the VF Corporation cyberattack interfered with “business operations by encrypting some IT systems and stole data from the company, including personal data.”
The websites for the company’s different subsidiary brands remain operational, facilitating customer purchases. Additionally, some of its IT systems are functional both in retail outlets and online.
However, according to VF Corporation’s regulatory filing, it’s still “experiencing certain operational disruptions,” such as difficulties filling orders.
VF Corporation Cyberattack Explained
In a filing with federal regulators, the company stated that it was the victim of the VF Corporation cyberattack that began on December 13 and involved hackers who disrupted business operations “by encrypting some IT systems and stole data from the company, including personal data,” which appears to be a ransomware attack.
The company further stated that its retail locations across the world are open and that customers can buy the products online. The firm did not specify when orders are expected to ship.
The details surrounding the VF Corporation cyberattack remain shrouded in mystery. The company has not revealed the method of the breach, the specific personal information accessed, or the scale of those affected.
Moreover, no ransomware group has come forward to claim responsibility, leaving the perpetrators behind this attack still unidentified.
In the regulatory filing, the VF Corporation issued a cautionary statement, highlighting the substantial effect of the cyberattack on its operations until system restoration. The document notes that “the full scope, nature, and impact of the incident are not yet known as the investigation into the incident is ongoing.
The incident was made public by VF Corporation on the same day that the new data breach disclosure guidelines from the US Securities and Exchange Commission went into effect. According to this rule, companies have four business days to notify the federal government’s securities regulator of any cybersecurity issue, including data breaches.
About VF Corporation
VF Corporation (VFC) is a multinational apparel, footwear and accessories firm. Founded in 1899 by John Barbey, the company is located in Denver, Colorado. VF Corporation’s 13 brands are organized into three categories: Outdoor, Active, and Work. Some of their brands include: Vans, The North Face, Timberland, Dickies and JanSport. VF Corporation is one of the world’s biggest makers of apparel, footwear and accessories. In 2023, the company was included in the Fortune 500 list.
What Does the Cyberattack on VF Corporation Mean?
The cyberattack on VF Corporation can have serious repercussions in all aspects of its business operations. Its data breach could expose sensitive customer and employee data which will create grave privacy concerns as well as negatively affect stakeholders’ trust in the company. The repercussions in terms of money could be huge, adding to costs for investigations and clean-up work as well as recovery claims.
Downtime and financial losses may result in hampering productivity and supply chain management of the VF Corporation. Given that VF Corporation does in all likelihood possess valuable designs, patents, and proprietary information, the theft of intellectual property is another serious threat.
In addition, the VF Corporation cyberattack affects the company’s image in the public eye. Customers may lose confidence that their shopping experience is safe with this company nor that their private data and transactions will be securely handled by it.
Regulatory consequences, such as fines or legal action for violation of data protection laws are another thing to worry about.
Cybersecurity awareness training is now part of a typical employee training program to reduce the vulnerability of being exposed to employees’ faults. High levels of investment in cybersecurity technologies and constant upgrading are necessary to maintain the ability of organizations to resist evolving threats. Working with experts in cybersecurity helps to make sure that the company is secure from developing threats and employs industry-standard methods for defense, further strengthening its posture.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.