Breach cyber

VF Outdoor

Jun 6, 2025 1 min read
VF Outdoor

VF Outdoor, the parent company of outdoor clothing brand The North Face, reported a data breach affecting almost 3,000 customers. The breach, which occurred in April, involved a credential stuffing attack where hackers used stolen login information from other sources to access user accounts. The compromised data included names, addresses, dates of birth, telephone numbers, and purchase history. Payment card information was not compromised as it was stored on a third-party platform.

Source: https://therecord.media/north-face-customer-accounts-data-breach-notification

TPRM report: https://scoringcyber.rankiteo.com/company/vf-corporation

"id": "vf-736060625",
"linkid": "vf-corporation",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '2,861',
                        'industry': 'Retail',
                        'name': 'The North Face',
                        'type': 'Company'}],
 'attack_vector': 'Credential Stuffing',
 'customer_advisories': ['Change Passwords if Used on Multiple Sites'],
 'data_breach': {'number_of_records_exposed': '2,861',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of Birth',
                                                         'Telephone Numbers'],
                 'type_of_data_compromised': ['Personal Information',
                                              'Purchase History']},
 'date_detected': '2023-04-23',
 'description': 'A credential stuffing attack on The North Face website '
                'affected nearly 3,000 customers, exposing personal '
                'information.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of Birth',
                                 'Telephone Numbers',
                                 'Purchase History'],
            'systems_affected': ['Retail Website']},
 'initial_access_broker': {'entry_point': 'Credential Stuffing'},
 'motivation': 'Unauthorized Access',
 'post_incident_analysis': {'corrective_actions': ['Disabled All Passwords',
                                                   'Forced Password Reset'],
                            'root_causes': 'Credential Stuffing Attack'},
 'regulatory_compliance': {'regulatory_notifications': ['Vermont', 'Maine']},
 'response': {'communication_strategy': ['Breach Notification Letters'],
              'containment_measures': ['Disabled All Passwords',
                                       'Forced Password Reset']},
 'threat_actor': ['Scattered Spider'],
 'title': 'The North Face Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Stolen Credentials'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

My Jedai

public 1 min read
A significant data breach involving personal information from 571 Canva Creators program participants was exposed through an unsecured AI chatbot…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.