VF Corporation, the owner of popular brands like Supreme, Vans, Timberland, and The North Face, experienced a cyberattack on December 13, 2023, leading to operational disruptions. The apparel giant revealed the incident in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC). The attack involved the encryption of some IT systems, and the threat actors managed to steal data, including personal information. Although the company is actively working to bring affected systems back online and implementing workarounds, the incident is expected to have a material impact on VF Corp’s business operations.
In response to the unauthorized access on its network, VF Corp took swift action, shutting down affected systems and enlisting external experts to contain the attack. The nature of the stolen data, whether it pertains to employees, suppliers, resellers, partners, or customers, remains unclear. While the incident exhibits characteristics of a ransomware attack, as of the latest information, no specific ransomware group has claimed responsibility. VF Corp reassured that its physical retail stores would continue to operate normally globally, but customers might experience delays in online order fulfillment or encounter difficulties placing orders on some e-commerce sites affiliated with its brands.
The company is undergoing a comprehensive assessment to determine the full extent of the security breach and its potential impact on financials and operations. Given the timing of the incident during the Christmas shopping season, the disruption is particularly challenging. VF Corp aims to minimize the impact by restoring systems, implementing workarounds, and addressing the incident’s fallout. The disclosure serves as a reminder of the pervasive cybersecurity threats faced by large corporations, emphasizing the need for robust cybersecurity measures to safeguard sensitive data and maintain business continuity.