February 23, 2024

Major apparel supplier VF Corp followed up on its December cyberattack disclosure, with its latest Securities and Exchange Commission form admitting to a data breach impacting up to 35.5 million customers. That means if you’ve purchased from its major brands like Vans, North Face, Timberland, Dickies and more, you may have been impacted. But VF Corp still insists that the incident won’t hurt its financial performance.

Initially, VF Corp warned customers that the cyberattack it experienced in December could have an impact on its holiday order fulfillment. The company said “unauthorized occurrences” on its IT systems caused operational disruptions, and the attackers likely stole personal information. Now, it’s come out just how widespread the damage from the attack could be.

VF Corp did not respond to a request for comment clarifying what type of data the hackers stole. In the SEC filing, however, the company said it did not collect consumer social security numbers, bank account information or payment card information, and that there is no evidence the hackers stole passwords. It also said that the unauthorized users were “ejected” from its systems by December 15, after being discovered two days earlier.

“Since the filing of the Original Report, VF has substantially restored the IT systems and data that were impacted by the cyber incident, but continues to work through minor operational impacts,” the latest filing states. VF still has not confirmed who was behind the attack.