VF discloses data breach impacted 35.5M customers
By 
Kyle Brasseur2024-01-19T19:40:00
Apparel company VF Corp., the owner of brands including The North Face, Vans, and Timberland, disclosed its estimation approximately 35.5 million customers had their personal data stolen as part of a cybersecurity incident it uncovered in December.
The update provided by VF in a filing with the Securities and Exchange Commission (SEC) on Thursday marks the latest development since the company first detected unauthorized access to its information technology systems on Dec. 13. VF said it believes the threat actor was ejected from its IT systems Dec. 15 and is still working with law enforcement regarding the matter.
The 35.5 million customer total is based on the company’s preliminary analysis of its ongoing investigation, it said. The fact its IT systems were targeted by the attack might have saved certain financial information from being stolen.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefSEC official clarifies material incident reporting under new cyber rule
Erik Gerding, director of the Securities and Exchange Commission’s Division of Corporation Finance, issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.
-
PremiumSurvey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
-
News BriefAT&T: Data leak exposed info of 73M customers onto dark web
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.