Millions of Vans, Supreme and The North Face customers suffered data theft following a cyberattack against parent company VF Corp, the company confirmed.
Late last year, VF Corp. filed a report with the SEC, saying it detected an attack on Dec. 13 that encrypted “some IT systems.”
While VF initially said hackers managed to steal personal data from the company, it did not say what data specifically, whose data it was, or how many people were affected.
Payment details are secure
VF has now filed a new report with regulators, further detailing the breach, TechCrunch reports, revealing that hackers stole personal data from 35.5 million customers.
Other details about the data are still missing, but some things can be redacted, as VF said it doesn't keep social security numbers, bank account information, or payment card information.
That leaves things like names, dates of birth, email addresses, postal addresses, as well as passwords and purchase history. VF said there is no evidence that passwords have been altered.
The attackers deployed ransomware to VF's infrastructure, forcing the company to take some endpoints offline and shut down parts of its network. As a result, the shipping calculator broke, leaving customers unsure when their purchases might arrive. However, companies were still able to accept orders.
The consequences of the ransomware attack remain to be seen. VF says it expects a “material impact,” but did not elaborate.
Typically, ransomware groups steal valuable data that they can exchange for cryptocurrency, either with victims or on the black market. If it's not proprietary data that could be useful to competitors, then it's customer data like names, email addresses, and more.
