Clothing Provider, V.F. Corp., Hack Hits 35.5M Customers

January 22, 2024

INCIDENT

After suffering a cyberattack December 13, V.F. Corporation, the global apparel and footwear company founded in 1899, released further details on the assault that led to shutting down some systems and losing personal information of 35.5 million customers.
On December 13, V.F. detected unauthorized occurrences on a portion of its information technology (IT) systems, according to an 8-K document filed with the Securities and Exchange Commission (SEC).
Upon detecting the unauthorized occurrences, V.F., which brought in $11.6 billion in revenue, immediately began taking steps to contain, assess and remediate the cyber incident, including beginning an investigation with leading external cybersecurity experts, activating its incident response plan, and shutting down some systems.
As a result of these and other measures, and while V.F.’s investigation and remediation efforts remain ongoing, the Denver, Colorado-based company believes it “ejected” the threat actor was ejected from its IT systems on December 15. V.F. said it notified, is cooperating with, and will continue to cooperate with and notify, federal law enforcement and the relevant regulatory authorities as required under applicable law.

Incident Date

December 13, 2023

Estimated Cost

Cost not known, 35.5 million customers personal information stolen

Type of Malware

No Malware identified

Threat Source

No threat source identified