purchased a pair of Timberland shoes? wear a jacket from North Face? You and millions of other customers of well-known high-street brands might have had their information taken by the ALPHV ransomware group.
In an SEC filing last month, VF Corp., the parent company of companies like Vans sneakers and Kipling backpacks, disclosed that it had found evidence of a ransomware attack on its infrastructure, encrypted IT systems, and personal data theft on December 13, 2023.
As a result, operations, including the fulfillment of customers ‘ online orders, were hampered in the months leading up to the important holiday season.
Later, the ALPHV ransomware gang ( also known as BlackCat ) asserted ownership of the security flaw.
VF Corp. informed regulators this week that the attackers had stolen the personal information of 35.5 million customers.
The brand family of VF Corp. includes:
- Altra
- Dickies
- Eastpak
- icebreaker
- JanSport
- Kipling
- Napapijri
- Smartwool
- Supreme
- a North Face
- Timberland
- Vans
You probably wo n’t have to worry that hackers have access to customers ‘ particularly sensitive information because VF Corp does not keep track of their payment card numbers, bank account information, or social security numbers.
Unfortunately, VF Corp. has withheld specific information about the data that was stolen, making it challenging to give consumers who might be affected specific advice.
For instance, VF Corp claims that it has not discovered any proof of the theft of customer passwords. However, I believe that if I had given the aforementioned brands access to my personal information, there is no reason for me to hesitate to change the necessary passwords.
It would not surprise me if personal contact information, addresses, and order information were included in the data exfiltrated by the attackers, despite the specifics of what specific data has been stolen.
In the wake of the breach, VF Corp. claims that its ecommerce sites and distribution centers are currently “operating with minimal issues” and that it is cooperating with law enforcement organizations and regulators.
The business claims that while it is still unsure of the cost associated with the security breach ( and how much it will cost to fix it ), it believes the impact will not be material to the company’s financial situation and is therefore” not material.”
According to VF Corp., by submitting claims to its cybersecurity insurers, it will try to recover the breach’s costs.