Vans, Supreme owner VF Corp says personal data stolen and orders affected in suspected ransomware attack

0


VF Corporation, the US-based owner of apparel brands including Vans, Supreme and The North Face, has confirmed that a cyberattack has affected the company’s ability to fulfill orders ahead of Christmas, one of the biggest retail events of the year. Is.

The Denver, Colorado-based corporation said in a filing with federal regulators that the cyberattack, which the company first discovered on Dec. 13, involved hackers disrupting the company’s operations by encrypting certain IT systems, and compromising personal data. Stolen data from. ,” indicating a ransomware attack.

As a result, the company says it is experiencing operational disruptions, including its “ability to fulfill orders.”

When TechCrunch attempted to place an order on the Vans website, a message read: “Sorry, due to logistics disruption, the estimated delivery dates shown in the checkout process are incorrect. You will be notified by email when your item is dispatched and you can then track it with the sender.”

VF Corp said in its filing that retail stores operated by it globally are open, and consumers can purchase available merchandise online. It’s unclear when the orders are expected to be shipped, and a company spokesperson did not say when.

Contacted by email, VF Corp spokesperson Colin Wheeler provided TechCrunch with a statement, citing the company’s filings with regulators. The company did not respond to TechCrunch’s questions about the incident, and will not. Explain whether the company received a ransom demand from the hackers.

The company has not yet disclosed how it was compromised, what type of data was accessed, and how many individuals – whether employees, customers, or both – were affected by the breach. It is also not known who was behind the attack, which has not been claimed by any tracked ransomware group yet.

In its regulatory filing, VF Corp warned that the cyberattack would have a “material impact” on its business unless its systems were fixed. “As the incident remains under investigation, the full scope, nature and impact of the incident is not yet known,” the filing said.

VF Corp disclosed the incident on the same day the US Securities and Exchange Commission’s new data breach disclosure rules went into effect. This regulation means that organizations must report cybersecurity incidents, including data breaches, to the federal government’s securities regulator. Within four business days.



Source link

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *