US-based VF Corporation, which owns apparel brands such as Vans, Supreme and The North Face, said a cyberattack affected its ability to fulfill orders ahead of Christmas, one of the year’s biggest retail events. admitted that he had caused it.
A company based in Denver, Colorado said in a filing with federal regulators. The cyberattack, which the company first detected on December 13, was a ransom attack in which hackers “disrupted the company’s operations by encrypting some IT systems and stole data, including personal data, from the company.” It was said that it was hinting at a software attack.
As a result, the company says its operations continue to be disrupted, including its “ability to fulfill orders.”
When TechCrunch tried to place an order on Vans’ website, he was greeted with the following message: You will be notified by email when your item is shipped and can track it with the sender. ”
VF Corporation said in a filing that the retail stores it operates around the world are open and consumers can purchase available products online. It is unclear when orders will be shipped, and a company spokesperson did not provide a timeline.
VF Corp. spokesperson Colin Wheeler provided TechCrunch via email with a statement reflecting the company’s regulatory filings. The company did not respond to TechCrunch’s questions about the incident. Reveal whether the company received a ransom demand from hackers.
The company has not yet disclosed how it was breached, what type of data was accessed, or how many individuals were affected by the breach, including employees, customers, or both. . It’s also unclear who is behind the attack, with the ransomware group being tracked yet to claim responsibility.
VF Corp. warned in a regulatory filing that the cyberattack would have a “significant impact” on its business until its systems are restored. “As the investigation into the incident is ongoing, the full scope, nature and impact of the incident is not yet known,” the filing states.
VF Corp disclosed the incident on the same day that the U.S. Securities and Exchange Commission’s new data breach disclosure rules went into effect. This regulation means that organizations must report cybersecurity incidents, including data breaches, to federal securities regulators. within 4 business days.
Source: techcrunch.com
