Business
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack
VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme, and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year.
The Denver, Colorado-based corporation said in a filing with federal regulators that the cyberattack, which the company first detected on December 13, saw hackers disrupt the company’s operations “by encrypting some IT systems, and stole data from the company, including personal data,” implying a ransomware attack.
As a result, the company says it continues to experience operational disruptions, including its “ability to fulfill orders.”
When TechCrunch attempted to place an order on the Vans website, a message read: “Apologies, due to logistical disruption, the estimated delivery dates shown in the checkout process are incorrect. You will be notified by email when your item ships and can then track it with the shipper.”
VF Corp. said in its filing that the retail stores it operates globally are open, and that consumers can purchase available merchandise online. It’s unclear when orders are expected to ship, and a company spokesperson did not say when.
When reached by email, VF Corp. spokesperson Colin Wheeler provided TechCrunch with a statement that echoed the company’s filing with regulators. The company did not answer TechCrunch’s questions about the incident, nor would it say whether the company had received a ransom demand from the hackers.
The company has not yet said how it was compromised, what kinds of data was accessed, and how many individuals — whether employees, customers, or both — are affected by the breach. It’s also not known who was behind the attack, which has not yet been claimed by any tracked ransomware group.
In its regulatory filing, VF Corp. warned that the cyberattack would have a “material impact” on its business until its systems are recovered. “As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known,” the filing states.
VF Corp disclosed the incident on the same day that the U.S. Securities and Exchange Commission’s new data breach disclosure rules came into force. This regulation means that organizations must report cybersecurity incidents, including data breaches, to the federal government’s securities regulator within four business days.
-
Entertainment6 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment7 days ago
The 22 greatest horror films of 2024, and where to watch them
-
Entertainment7 days ago
Rules for blocking or going no contact after a breakup
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment5 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment4 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment5 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end