VF Corp, the Denver-based conglomerate behind popular brands like North Face, Vans, and Timberland, has released updated information about a significant cyberattack in December. This attack, initially disclosed in a December 15 SEC filing, led to the theft of personal data of approximately 35.5 million consumers. However, the company assured that no sensitive financial data like social security numbers, bank account, or payment card information were compromised as VF Corp doesn’t retain these details in its IT systems.
The cyberattack, which occurred on December 13, severely impacted VF Corp’s operational capabilities, particularly affecting its ability to fulfill online orders during the crucial holiday shopping period. The attack involved the encryption of some of the company’s IT systems and the theft of data, including personal consumer information.
In its latest amended SEC filing, VF Corp expressed confidence that the impacts of the attack are no longer ongoing and would not materially affect its business operations. Furthermore, the company is planning to seek reimbursement for costs, expenses, and losses resulting from the incident through claims to its cybersecurity insurers, though the timing and amount of such reimbursements are currently uncertain.
This incident highlights the growing threat of cyberattacks on large corporations, the importance of robust cybersecurity measures, and the implications for consumer data privacy. It also underscores the critical role of cyber insurance in mitigating the financial repercussions of such security breaches.