A significant apparel supplier, responsible for iconic brands such as North Face and Vans, has fallen victim to a cyberattack, disrupting its holiday fulfillment operations.
VF Corporation has officially confirmed the repercussions of a cyberattack on its order fulfillment operations, just as the critical Christmas retail season approaches.
(Photo : Pexels)
Facing Cybersecurity Incident
VF Corporation, a U.S.-based conglomerate that boasts ownership of renowned apparel brands including Vans, Supreme, and The North Face, finds itself navigating the aftermath of this cybersecurity incident.
As outlined in a filing with federal regulators, Engadget reported that the Denver, Colorado-headquartered company disclosed the identification of the cyberattack on December 13.
The hackers strategically executed tactics that disrupted VF Corporation's operations by encrypting specific IT systems and absconding with data, including personal information-a strong indicator pointing toward a ransomware attack.
Consequently, VF Corporation is currently contending with persistent operational challenges, especially in fulfilling customer orders. The website apologized for logistical disruptions, indicating inaccuracies in the estimated delivery dates during the checkout process.
Customers were assured of receiving email notifications upon item shipment and tracking details from the shipper. This incident underscores the tangible and far-reaching impact of the cyberattack on VF Corporation's day-to-day business operations and overall customer experience.
Not Disclosing Details
VF Corp. assured that its globally operated retail stores remain open, and consumers can still make online purchases for available merchandise. However, the company still needs to provide clarity on the expected shipping timelines for these orders.
Spokesperson Colin Wheeler declined to disclose such details. TechCrunch reported that Wheeler's response mirrored the information presented in the regulatory filing, offering no additional insights into the incident.
The company chose not to address specific questions from TechCrunch, leaving uncertainties about the nature of the breach, whether a ransom demand was made by the hackers, and the extent of the compromise.
VF Corp. has yet to divulge the details of the breach, including the method of compromise, the types of accessed data, and the scope of individuals affected-be they employees, customers, or both.
The identity of the attackers remains unknown, and as of now, no ransomware group has claimed responsibility for the attack.
VF Corp. has cautioned that the recent cyberattack is expected to exert a "material impact" on its operations until full system recovery is achieved. The filing emphasizes that the investigation into the incident is ongoing, preventing a complete understanding of the incident's scope, nature, and impact.
CNBC reported that the disclosure of the cyberattack coincided with the implementation of the U.S. Securities and Exchange Commission's new data breach disclosure regulations.
Under these rules, organizations are mandated to report cybersecurity incidents, including data breaches, to the federal government's securities regulator within four business days.
This regulatory framework underscores the urgency and transparency required in addressing and communicating such incidents to relevant authorities.
Related Article: Hacker Group Strikes Singaporean Watch Retailer: Data Breach Raises Privacy Concerns for High-Profile Clients
