Have you bought Timberland shoes? Wearing a North Face jacket? Your information, as well as that of millions of buyers of other popular commercial brands, may have been stolen by the ALPHV ransomware group.
Last month, VF Corp, the parent company of brands such as Vans sneakers and Kipling backpacks, revealed in an SEC filing that it discovered on December 13, 2023 that hackers had breached its infrastructure and encrypted IT systems and stolen Personal Data. Ransomware attack.
As a result, operations including fulfilling customer online orders have been disrupted ahead of the critical holiday season.
The ALPHV ransomware gang, also known as BlackCat, later claimed responsibility for the leak.
This week, VF Corp told regulators that attackers stole the personal data of 35.5 million customers.
VF Corp’s family of brands include:
- other
- dicks
- Oriental suit
- icebreaker
- Jane Sports
- Kipling
- Napa Pigiri
- Wisdom wool
- Highest
- The North Face
- Timberland
- truck
The good news is that VF Corp doesn’t retain consumers’ payment card details, bank account information or Social Security numbers – so you probably don’t have to worry about this particularly sensitive information falling into the hands of hackers.
Frustratingly, VF Corp did not share specific details of what data was stolen, making it difficult to provide specific advice to consumers who may have been affected.
VF Corp, for example, said it had not found any evidence that customer passwords had been stolen. However, I think that if I entrusted my personal information to the above-mentioned brands, I would not hesitate to change the relevant passwords, just in case.
Despite the details of the specific data stolen, I wouldn’t be surprised if the attackers stole personal contact, address, and order information among the data they stole.
VF Corp said its e-commerce website and distribution centers are currently “operating with minimal issues” and that it is cooperating with law enforcement and regulators following the breach.
The company said it was unclear how much the security breach (and its recovery) cost, but that it believed the impact was “not material” and was “unlikely to have a material impact on its financial position.”
VF Corp said it would seek to recoup losses from the breach by submitting a claim to cybersecurity insurance companies.
