Denver-based VF Corp. says 35.5 million customers had personal data stolen by hackers
LagartoFilm, iStock photo
Denver-based outdoor apparel and footwear company VF Corp. on Thursday released new information regarding the extent of a December cyberattack.
The parent company of North Face, Vans and Timberland estimated that 35.5 million consumers had personal data stolen by a “threat actor,” according to an amendment to its Dec. 15 SEC filing.
“However, VF does not collect or retain in its IT systems any consumer social security numbers, bank account information or payment card information as part of its direct-to-consumer practices,” VF Corp said in its updated SEC filing. “And, while the investigation remains ongoing, VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor.”
The Dec. 13 attack impacted VF Corp’s ability to fill online orders down the homestretch of the holiday shopping season after a cyberattack.
“The threat actor disrupted the company’s business operations by encrypting some IT systems, and stole data from the company, including personal data,” VF Corp. said in its original Dec. 15 SEC filing.
In the latest amended filing, VF Corp. said it believes those impacts are no longer ongoing and wouldn’t materially impact its business.
“VF will be seeking reimbursement of costs, expenses and losses stemming from the cyber incident by submitting claims to VF’s cybersecurity insurers,” the company said it its amended filing. “The timing and amount of any such reimbursements is not known at this time.”




