VF Corporation Hit by Ransomware Attack Under New SEC Disclosure Rules
VF Corporation, the parent company of major apparel brands including The North Face, Vans, and Timberland, disclosed a ransomware attack that disrupted business operations and resulted in data theft. The incident marks the first "material" cybersecurity breach reported under the U.S. Securities and Exchange Commission’s (SEC) new rules, which took effect on December 15, 2023.
The company detected unauthorized activity on its IT systems on December 13, prompting the activation of its incident response plan and the shutdown of affected systems. The threat actor encrypted portions of VF’s IT infrastructure and exfiltrated data, including personal information. While the full scope and impact remain under investigation, VF acknowledged the attack has already had and is likely to continue having a material impact on its operations.
VF, which employs 33,000 people globally and reported $11.6 billion in annual revenue for fiscal 2023, is working to restore affected systems and implement workarounds to minimize disruptions to retail, e-commerce, and wholesale operations. The company did not disclose whether a ransom demand was made or which ransomware group was responsible.
The attack occurs amid a surge in big-game ransomware incidents, with groups like LockBit and BlackCat leading activity in 2023. Cybersecurity firms, including CrowdStrike and Kroll, report a 51% increase in enterprise-targeted ransomware attacks this year, driven by exploited vulnerabilities, zero-day exploits, and advanced social engineering tactics such as phishing and voice-based scams. The year also saw a record 26,447 software vulnerabilities reported, further escalating cyber risks for organizations.
Source: https://www.thestack.technology/the-north-face-ransomware-vf-vans/
VF Corporation cybersecurity rating report: https://www.rankiteo.com/company/vf-corporation
"id": "VF-1773260958",
"linkid": "vf-corporation",
"type": "Ransomware",
"date": "12/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'apparel',
'location': 'global',
'name': 'VF Corporation',
'size': '33,000 employees',
'type': 'corporation'}],
'data_breach': {'data_exfiltration': 'yes',
'personally_identifiable_information': 'yes',
'type_of_data_compromised': 'personal information'},
'date_detected': '2023-12-13',
'description': 'VF Corporation, the parent company of major apparel brands '
'including The North Face, Vans, and Timberland, disclosed a '
'ransomware attack that disrupted business operations and '
'resulted in data theft. The incident marks the first '
"'material' cybersecurity breach reported under the U.S. "
'Securities and Exchange Commission’s (SEC) new rules, which '
'took effect on December 15, 2023.',
'impact': {'data_compromised': 'personal information',
'operational_impact': 'disrupted business operations, material '
'impact on operations',
'systems_affected': 'IT infrastructure'},
'investigation_status': 'under investigation',
'ransomware': {'data_encryption': 'yes', 'data_exfiltration': 'yes'},
'references': [{'source': 'SEC disclosure, cybersecurity reports'}],
'regulatory_compliance': {'regulations_violated': 'SEC disclosure rules',
'regulatory_notifications': 'yes'},
'response': {'containment_measures': 'shutdown of affected systems',
'incident_response_plan_activated': 'yes',
'remediation_measures': 'restoring affected systems, '
'implementing workarounds'},
'title': 'VF Corporation Hit by Ransomware Attack Under New SEC Disclosure '
'Rules',
'type': 'ransomware'}