Business
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack
VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme, and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year.
The Denver, Colorado-based corporation said in a filing with federal regulators that the cyberattack, which the company first detected on December 13, saw hackers disrupt the company’s operations “by encrypting some IT systems, and stole data from the company, including personal data,” implying a ransomware attack.
As a result, the company says it continues to experience operational disruptions, including its “ability to fulfill orders.”
When TechCrunch attempted to place an order on the Vans website, a message read: “Apologies, due to logistical disruption, the estimated delivery dates shown in the checkout process are incorrect. You will be notified by email when your item ships and can then track it with the shipper.”
VF Corp. said in its filing that the retail stores it operates globally are open, and that consumers can purchase available merchandise online. It’s unclear when orders are expected to ship, and a company spokesperson did not say when.
When reached by email, VF Corp. spokesperson Colin Wheeler provided TechCrunch with a statement that echoed the company’s filing with regulators. The company did not answer TechCrunch’s questions about the incident, nor would it say whether the company had received a ransom demand from the hackers.
The company has not yet said how it was compromised, what kinds of data was accessed, and how many individuals — whether employees, customers, or both — are affected by the breach. It’s also not known who was behind the attack, which has not yet been claimed by any tracked ransomware group.
In its regulatory filing, VF Corp. warned that the cyberattack would have a “material impact” on its business until its systems are recovered. “As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known,” the filing states.
VF Corp disclosed the incident on the same day that the U.S. Securities and Exchange Commission’s new data breach disclosure rules came into force. This regulation means that organizations must report cybersecurity incidents, including data breaches, to the federal government’s securities regulator within four business days.
-
Entertainment6 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment6 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment5 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment3 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know