Vans' parent company, VF Corporation, has officially disclosed that a December-detected data breach impacted 35.5 million of its customers. The breach leaked email addresses, complete names, phone numbers, billing addresses, and shipping addresses.
In other instances, the compromised data also revealed details about the payment method used for the purchases, order history, and total order value.
(Photo: THOMAS SAMSON/AFP via Getty Images) An agent of the operational center of the French National Cybersecurity Agency (ANSSI) checks datas on a computer in Paris on November 24, 2022.
The parent company of Vans and North Face assured customers, however, via email that fraudsters did not steal their bank account information or credit card information. Furthermore, it stated that there is "no evidence" that any compromised personal information, such as phone numbers, emails, addresses, or names, has been utilized for illicit activities.
VF asserts, however, that it is not ruled out that identity theft, phishing, and maybe general fraud efforts could arise from the incident, depending on the precise personal data disclosed for a particular customer.
Read Also: Mintlify Reveals Customer GitHub Tokens Compromised by Data Breach
Vans' December Data Breach
On December 13, VF revealed a digital breach in which records were seized or accessed. The data breach hampered the cloth maker's business and capacity to keep people dressed in posh apparel.
The language VF used to describe the hack in a regulatory filing reportedly made it sound a lot like a ransomware infestation with an extortion demand, even though the company did not refer to the cybersecurity event as ransomware at the time.
By deliberately encrypting particular IT systems and stealing data, including personal information clear signs of a ransomware attack hackers interrupted VF Corporation's business activities.
The clothing company disclosed that the IT security breach affected 35.5 million of its customers a month after the data breach was detected, but it remained evasive about what information the hackers most likely took during the intrusion.
Vans disclosed their data leak concurrently with the U.S. Fresh suggestions about data breach disclosure for the Securities and Exchange Commission.
Organizations must notify the federal government's securities regulator of cybersecurity issues, including data breaches, within four working days after the incident, according to these regulations.
Laws Against Data Breach
Research indicates that the United States still lacks rules to prevent data breaches. Researchers from George Mason University and the University of Minnesota conducted the investigation. It asserts that the US cybersecurity rules on breach notifications are ineffective at all at reducing the number of data breaches that occur there.
After comparing data on data breach incidents before and after the enactment of the laws, the study reportedly found that the breach notification laws (BNLs), which require businesses to notify customers if their data has been compromised, are ineffective. The governments of all 50 states passed the laws.
The study's results also demonstrate that there is no longer-term decline in data misuse after breaches. These non-effects are precisely estimated for a wide range of durations, BNL kinds, types of data breaches, and companies.
Related Article: Fujitsu Confirms Hackers Stole Customer Data
(Photo: Tech Times)
