VF Corp, the parent company overseeing renowned apparel brands such as Vans, Supreme, and The North Face, disclosed on Thursday that a cyberattack in December resulted in the theft of personal data belonging to 35.5 million customers.
The Denver-based corporation officially reported the data breach to regulatory authorities through a filing on Thursday. Although the filing did not specify the types of personal information compromised or indicate the company’s awareness of the exact details of the stolen data, VF Corp. spokesperson Colin Wheeler did not provide additional details in response to an email inquiry from TechCrunch.
VF Corp clarified that it does not store consumer Social Security numbers, bank account details, or payment card information for its consumer-focused businesses. Furthermore, the company has not identified any evidence suggesting that the hackers accessed customer passwords.
In a prior statement, VF Corp acknowledged that the hackers had disrupted its operations by encrypting certain IT systems, hinting at a ransomware attack. Subsequently, the ransomware and extortion group known as ALPHV (or BlackCat) claimed responsibility for the breach.
At the time of the incident, VF Corp reported operational disruptions, impacting its ability to fulfill orders. In the latest filing on Thursday, the company acknowledged that it continues to experience minor residual effects from the cyber incident. However, VF Corp stated that it has largely restored the impacted IT systems and data, successfully catching up on fulfilling orders that were delayed during the disruption. The company is actively addressing the remaining minor operational impacts resulting from the cyber incident.