VF Corp, the parent company of Vans and North Face, has been targeted by a ransomware attack.

18 Dec 2023

1 MIN read

VF Corporation, a leading American apparel and footwear company known for owning brands like Supreme, Vans, Timberland, and The North Face, recently announced a security breach causing operational disruptions.

Headquartered in Colorado, VF Corp. manages 13 internationally renowned brands, employs around 35,000 staff, and generates annual revenues of about $11.6 billion. Its portfolio also includes Dickies, Eastpak, Kipling, Napapijri, AND1, JanSport, Icebreaker, Altra Running, and SmartWool.

On December 13, 2023, VF Corp. reported a cyberattack in a Form 8-K submission to the U.S. Securities and Exchange Commission (SEC). Following the detection of unauthorized network access, the company deactivated some systems and sought external expert assistance to mitigate the attack.

Despite these efforts, the attackers succeeded in encrypting certain computer systems and extracting personal data. VF Corp. indicated that the attack encrypted IT systems and resulted in data theft, including personal information, though it’s unclear who is affected among employees, suppliers, resellers, partners, or customers.

No ransomware groups have claimed responsibility for the attack yet, which bears the typical signs of ransomware. The incident significantly disrupts the company’s operations and is anticipated to have a prolonged impact.

VF Corp. is striving to restore affected IT systems and develop alternative solutions for offline operations to minimize disruption in serving its retail and e-commerce consumers and wholesale clients. The SEC filing notes that the incident has had and will likely continue to have a substantial effect on business operations until recovery is complete.

Physical retail stores of VF Corp. remain operational globally, but online order fulfillment and order placements on some brand websites might experience delays.

The company is evaluating the breach’s full extent and its potential financial and operational implications. The timing of the breach, coinciding with the Christmas shopping season, further complicates the situation.