Millions of Vans, North Face customers confirmed they were affected by a data breach
The data of millions of Vans, Supreme and The North Face customers has been stolen following a cyber attack on parent company VF Corp, the company has confirmed.
At the end of last year, VF Corp. filed a report with the SEC, claiming it noticed an attack on December 13 that encrypted “some IT systems.”
While VF initially said hackers managed to steal personal data from the company, it did not say which data was specific, who the data belonged to, or how many people were affected.
Payment details are safe
VF has now filed a new report with regulators, further detailing the breach. TechCrunch reports, showing that the hackers stole personal data of 35.5 million customers.
Other details about the data are still missing, but some things could be eliminated, as VF said it doesn’t track Social Security numbers, bank account information, or payment card information.
That leaves things like names, dates of birth, email addresses, postal addresses, but also passwords and purchase history. VF said there is no evidence that passwords have been tampered with.
The attackers planted ransomware on VF’s infrastructure, forcing the company to disconnect some endpoints and shut down parts of the network. As a result, the shipping calculator broke, leaving customers in the dark about when their purchases might arrive. However, the companies were still able to take orders.
The aftermath of the ransomware attack remains to be seen. VF said it expects a “material impact”, but did not elaborate further.
Typically, ransomware groups steal valuable data that they can exchange for cryptocurrencies, either from victims or on the black market. If it’s not proprietary data that could be useful to competitors, it’s customer data like names, email addresses and more.