VF Corporation, the parent company of popular clothing and footwear brands like Vans and North Face, reported a security breach in December, affecting 35.5 million customers. The incident was disclosed in an 8-K/A filing with the Securities and Exchange Commission (SEC). While the exact nature of the compromised information remains undisclosed, VF Corp said that sensitive data such as Social Security numbers, bank account information, and payment card details were not accessed because they are not stored in its IT systems. The company also stated that there is no evidence of consumer passwords being compromised, but investigations are ongoing.
The breach seems to have primarily impacted consumer-related data, with no mention of staff, business partners, or other stakeholders being affected. VF Corp says it has substantially restored its IT systems and that its online and retail stores are now operating with minimal disruption. However, the attack did lead to issues in replenishing retail stores' inventory, causing customer order cancellations and reduced demand on some brand e-commerce sites.
The incident is suspected to involve ransomware, as parts of VF Corp's IT systems were encrypted. The AlphV/BlackCat gang claimed responsibility for the attack, although the company has not officially confirmed this. The filings appear carefully worded to avoid explicitly mentioning ransomware, a common practice in the industry to downplay the severity of such incidents.
Key Points:
VF Corporation, parent company of Vans and North Face, suffered a security breach impacting 35.5 million customers.
Sensitive information like Social Security numbers, bank details, and payment card information remained uncompromised, according to VF Corp.
No evidence of consumer passwords being accessed, but investigations are ongoing.
The breach primarily affected consumer-related data, with no mention of staff or business partners being impacted.
VF Corp has substantially restored its IT systems, minimising operational disruption, but faced challenges in replenishing retail stores' inventory.
The incident is suspected to involve ransomware, with encrypted IT systems; however, VF Corp has not officially confirmed this.
The company's disclosure suggests cautious wording, avoiding explicit mention of ransomware, a common industry practice.
Source and further reading:
Jones, C. (2024, January 19). Thieves steal 35.5M customers’ data from Vans sneakers maker. The Register. https://www.theregister.com/AMP/2024/01/19/vf_corp_ransomware_impact
TechCrunch. (2023, December 18). https://techcrunch.com/2023/12/18/vans-supreme-vf-corporation-personal-data-stolen-orders-impacted-ransomware/