Major apparel retailers including Vans, Supreme, and The North Face won’t make their Christmas shipments on time following a disruptive ransomware cyberattack that hit their parent company.
In an SEC filing, VF Corporation (VF Corp.) said the data breach was first spotted on December 13, when threat actors disrupted its operations “by encrypting some IT systems.” VF Corp. further stated that the hackers “stole personal data from the company”, and that consequently, its ability to fulfill orders has been hindered.
However this doesn’t mean the brands aren’t taking orders as customers can still purchase goods from their favorite retailers, but the shipping calculator, estimating exactly when purchases might arrive, isn’t working at this time.
No names given
In a statement to media, VF Corporation only issued a statement that repeated everything said to the regulators. Hence, at this time, we don’t know who the threat actors are, which malware they used, what their demands are, or how much sensitive data they managed to exfiltrate from the company’s systems. We don’t know what that data includes, or if it belongs to the employees, customers, or clients.
The only thing we know at the moment is that the attack will have a “material impact” on the business of the affected customers. “As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known,” the filing concluded.
Usually, ransomware groups steal valuable data that they can exchange for cryptocurrencies, either with the victims, or on the black market. If it’s not proprietary data that could be useful to the competitors, then it’s customer data such as names, email addresses, Social Security Numbers, or even payment information.
Via TechCrunch