Apparel company VF Corp., the owner of brands including The North Face, Vans, and Timberland, disclosed its estimation approximately 35.5 million customers had their personal data stolen as part of a cybersecurity incident it uncovered in December.

The update provided by VF in a filing with the Securities and Exchange Commission (SEC) on Thursday marks the latest development since the company first detected unauthorized access to its information technology systems on Dec. 13. VF said it believes the threat actor was ejected from its IT systems Dec. 15 and is still working with law enforcement regarding the matter.

The 35.5 million customer total is based on the company’s preliminary analysis of its ongoing investigation, it said. The fact its IT systems were targeted by the attack might have saved certain financial information from being stolen.