$11 billion North Face owner, VF Corp., hit by ransomware

Attacker "disrupted… business operations by encrypting some IT systems, and stole data from the company"

The North Face and Vans owner VF Corporation has been hit by ransomware, making it (The Stack believes) the first company to disclose a “material” security incident under new SEC rules effective today. 

VF, which also owns the brand Timberland, said in an SEC filing that it had activated its incident response plan, and shut down “some systems” after a threat actor “disrupted… business operations by encrypting some IT systems, and stole data from the Company, including personal data.”

The company, which reported annual revenues of $11.6 billion in fiscal 2023, employs some 33,000 staff globally. (In October 2023 it announced its “Reinvent” programme, under which it plans a “large-scale cost reduction program, which we expect to deliver $300 million in fixed cost savings, by removing spend in non-strategic areas.”)

VF Corporation: North Face owner’s ransomware attack 

The disclosure comes on the day that new SEC rules took effect. The rules oblige listed companies to disclose “material” cybersecurity incidents within four days and detail oversight of cyber risk by boards.

VF said that it had “detected unauthorized occurrences on a portion of its information technology (IT) systems” on Wednesday December 13.

The company said it was “working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail and brand e-commerce consumers and wholesale customers.”

The incident comes as a record number of CVEs or software vulnerabilities were reported in 2023, hitting 26,447 at the time of writing.

Big-game-hunting ransomware attacks also ratcheted up significantly in 2023, using not just rapidly exploited software vulnerabilities and even zero days, but also what consultancy Kroll described in a Q3 threat report as a "dramatic escalation of social engineering tactics, with significant increases in phishing, smishing, valid accounts, voice phishing and other tactics."

Ransomware attacks on large enterprise targets have seen a “massive uptick” this year, rising 51% through late November, says CrowdStrike. Fellow cybersecurity company Qualys, meanwhile, says the most active ransomware groups detected in 2023 were LockBit and BlackCat.

VF said today: "As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known. As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the Company’s business operations..."
