Purchased some Timberland sneakers? Put on a North Face jacket? You, and thousands and thousands of purchasers of different well-liked high-street manufacturers, may have had their information stolen by the ALPHV ransomware group.
Final month, VF Corp, the dad or mum firm of manufacturers such together with Vans sneakers and Kipling backpacks, revealed in an SEC submitting that it had found on December 13 2023 that hackers had damaged into its infrastructure and encrypted IT programs, and stolen private information in a ransomware assault.
As a consequence, operations – together with the fulfilment of shoppers’ on-line orders – had been disrupted within the run-up to the essential vacation season.
The ALPHV ransomware gang (also called BlackCat) later claimed duty for the breach.
This week, VF Corp has informed regulators that the attackers stole the non-public information of 35.5 million clients.
VF Corp’s household of manufacturers embrace:
- Altra
- Dickies
- Eastpak
- icebreaker
- JanSport
- Kipling
- Napapijri
- Smartwool
- Supreme
- The North Face
- Timberland
- Vans
The excellent news is that VF Corp doesn’t retain shoppers’ fee card particulars, checking account data, or social safety numbers – so that you in all probability do not have to fret that that significantly delicate data has fallen into the arms of hackers.
Frustratingly, VF Corp has not shared particular particulars of what information has been stolen, making it troublesome to supply particular recommendation for shoppers who could also be impacted.
For example, VF Corp says that it has not discovered any proof that buyer passwords had been stolen. Nonetheless, I believe if I had entrusted my private data to the above manufacturers I might not hesitate to vary related passwords simply in case.
Though particulars of what particular information has been stolen, it might not be a shock to me if private contact particulars, addresses, and order data was included within the information exfiltrated by the attackers.
VF Corp says that its ecommerce websites and distribution facilities are presently “working with minimal points,” and that it’s co-operating with legislation eforcement companies and regulators within the wake of the breach.
The corporate says that it doesn’t but know the way a lot the safety breach (and its restoration) has price, however that it believes the affect are “not materials” and “not moderately more likely to be materials to its monetary situation.”
VF Corp says it is going to be searching for to recoup prices of the breach by way of submitting claims to its cybersecurity insurers.
