Personal data belonging to 35.5 million customers of popular apparel brands was exposed in a December data breach, though the exact nature of the stolen data remains unclear.
The befelled company, VF Corporation, is a 125-year-old, $6 billion dollar clothing conglomerate based out of Denver.
Per annual cybercrime tradition, VF discovered it had been breached during the leadup to the holiday shopping season, on Dec. 13.
Aside from disruptions to its business operations, personal data belonging to more than 35 million of its customers was siphoned off, according to an 8-K/A filing with the US Securities and Exchange Commission, updated yesterday.
VF Data Breach: What We Know After first discovering the incident, VF reported having to shut down some of its IT systems.
Doing so caused disruptions to certain operations, including delays to inventory replenishment, shipments, and order fulfillment.
As a result, demand for certain affected brands' websites slowed, and some customers canceled orders.
The company kicked the cyberattackers out of its systems on Dec. 15.
The 8-K/A does not specify the nature of the attack nor the perpetrators but, in its Dark Web blog last month, AlphV/BlackCat claimed responsibility, which may mean ransomware and extortion were involved.
It did highlight certain data that wasn't stolen.
There's no evidence yet to suggest that customers' account passwords were taken, and the company does not store Social Security numbers, bank account details, or credit card numbers in its IT systems.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 19 Jan 2024 21:10:21 +0000