Breach taxonomy
Summary
On December 13, 2023, VF Corporation (parent of Vans, The North Face, Supreme, and other brands) detected a ransomware attack that encrypted IT systems and exfiltrated data including personal data. VF-operated retail stores globally remained open and most e-commerce sites could accept orders, but order fulfillment capabilities were significantly impacted. The incident was determined to have a material impact on business operations. The company engaged leading external cybersecurity experts and cooperated with federal law enforcement.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsRansomwareData Exfil
Filing explicitly states the threat actor encrypted IT systems (ransomware) and stole data including personal data (data exfiltration).