Vans has notified its customers of a potential fraud or identity theft following the cyberattack on the parent company VF Group. The report denoted the timeline of the Vans cyberattack starting from December 13 2023 and the organization’s response to the incident.
The notice shared information about “unauthorized activities” on its system in December 2023. VF Group, the parent company of fashion and apparel brands, such as Vans, Timberland, The North Face, and Dickies, revealed that the organization has it detected a cyber intrusion on December 13, and temporarily suspended affected IT systems to contain and remediate the threat.
By December 15, the unauthorized actors were successfully removed from the IT environment, and efforts were made to restore impacted systems and operations.
Vans Cyberattack Update
According to the company’s investigation, the Vans cyberattack may have compromised the personal information of customers, including email addresses, full names, phone numbers, billing and shipping addresses, and order details. However, it’s important to note that detailed financial information such as bank account or credit card details were not stored within the affected systems.
Despite the prompt response from VF Group, concerns remain regarding potential risks to individuals whose data was part of the affected dataset. While there is currently no evidence of direct impact on individual consumers, the incident underscores the importance of vigilance in safeguarding personal information.
In a conversation with TCE, Darren Williams, CEO and Founder, of BlackFog, stated that “securing data must be at the forefront of retailers’ minds”. The cybersecurity incident could lead to fraud or identity theft considering the large scale of the VF Group data breach.
“The safety of customers must be of the utmost priority, otherwise, as we can see, loyal customers can quickly turn to victims. VF Group now risks not only financial but reputational damage which can last for years. To avoid becoming the next example, companies must invest in the latest anti-data exfiltration technology to prevent any unauthorized data from leaving their systems”, added Darren.
VF Group Advises Customers to be Vigilant
In light of this breach, VF Group has advised customers to exercise caution when responding to communications, particularly those requesting personal information. Additionally, customers are urged to be wary of suspicious emails, attachments, and hyperlinks, as these could be used in phishing attempts or to direct individuals to malicious websites.
VF Group has assured customers of its commitment to prioritizing privacy and security. The company continues to monitor the situation closely, while also reviewing and enhancing its cybersecurity measures to mitigate future risks.
Responding to inquiries, a Vans spokesperson reiterated the timeline of events surrounding the security incident and affirmed that operations have since been restored with minimal disruption. Upon detecting the unauthorized occurrences, we immediately began taking steps to contain, assess and remediate the incident, including beginning an investigation with leading external cybersecurity experts, activating our incident response plan, and shutting down some systems”, said the spokesperson.
This incident comes in the wake of a previous cyber incident reported by VF Corp, resulting in a data breach affecting approximately 35.5 million consumers. While VF Group does not anticipate a financial impact from the current incident, the company remains vigilant in its efforts to safeguard customer data and mitigate potential risks to its operations and reputation.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
