Cyber attack on brands Vans, TheNorthFace and others affects pre-holiday order delays
American company VF Corporation, the owner of brands such as Vans, Supreme and TheNorthFace, has confirmed that it has suffered a cyber attack that is affecting its ability to fulfill the orders it receives in the run-up to the holidays, one of the biggest retail events of the year. The cyber attack was discovered on December 13, according to the document submitted by the company to the regulators, and it includes the theft of personal data, which indicates ransomware.
As a result, the company reportedly continues to suffer disruptions in operations, including delivery, reports TechCrunch. If you try to order something from, for example, the Vans site, you may encounter a notice that says “due to a logistical disruption, the estimated delivery dates shown in the checkout process are incorrect.” While apologizing, the company says it will notify users via email once their item actually ships.
VF Corp. stated in its filing that the retail stores it operates around the world are open, and that consumers can purchase available goods online. However, it is uncertain when the orders will be delivered, and a company spokesperson did not provide additional information.
In addition, VF Corporation has not filed detailed reports on the hacking incident, nor has it disclosed to the media whether it has received a ransom demand from the hackers. This means that it is not known exactly how personal data was compromised, what data was stolen, and how many individuals, employees, and clients were compromised in this way.
No known ransomware hacker group has yet claimed responsibility for the attack, so the perpetrators remain unknown at this time. It is certain that this cyberattack will have a “material impact” on the business of the company and its brands, given that VF Corporation emphasized this in its regulatory filing.
It is interesting that the company reported the incident on the same day that the new rules of the US Securities and Exchange Commission came into force in the US, specifically on the disclosure of a data breach. These rules require organizations to report hacking incidents, including data theft, to the US federal securities regulator within four business days.