Connect with us

Hi, what are you looking for?


Data Breaches

VF Corp Disrupted by Cyberattack, Online Operations Impacted

VF Corporation (NYSE: VFC), which owns and operates some of the biggest apparel and footwear brands, has been hit by a ransomware attack that included the theft of sensitive corporate and personal data.

VF Corp Cyberattack

VF Corporation (NYSE: VFC), a company that owns and operates some of the biggest apparel and footwear brands, has been hit by a ransomware attack that included the theft of sensitive corporate and personal data.

In a filing with the SEC, VF Corp said the hackers disrupted business operations — including its ability to fulfill ecommerce orders — and hijacked data from the company, including personal data. 

The company did not provide additional details on the stolen data, or whether third-party customer data was exposed.

“[We are] working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail and brand e-commerce consumers and wholesale customers,” VF Corp said.

The mega-corporation, which owns brands that include The North Face, Vans, Timberland, Smartwool and Dickies, said its retail stores around the world remain open but warned that it is experiencing “certain operational disruptions.” 

Brands owned by VF Corp
VF Corporation is one of the world’s largest apparel, footwear and accessories companies, owning a portfolio of well-known global brands

VF Corp said consumers are still able to place orders on most of the brand e-commerce sites globally but the company’s ability to fulfill orders is currently impacted. 

The Denver, Colorado-based company noted that the full scope, nature and impact of the incident are not yet known and cautioned that it is “reasonably likely to continue to have a material impact on business operations until recovery efforts are completed.” 

VF Corporation is one of the world’s largest apparel, footwear and accessories companies and sells products in more than 100 countries. The company has revenue of more than $11.6 billion, with roughly 35,000 employees around the world and 1,265 owned retail stores.

Shares of the company are trading down nearly 9% at the time of publishing.

Advertisement. Scroll to continue reading.

News of the incident comes on the same day that the SEC’s new cyber incident disclosure requirements come into effect, requiring companies to disclose any “material breach” within four business days of discovering that the incident has material impact.

Related: MongoDB Confirms Hack, Says Customer Data Stolen

Related: Food Giant Kraft Heinz Targeted by Ransomware Group

Related: Delta Dental Says Breach Exposed 7 Million Customers

Related: Toyota Germany Customer Data Stolen in Ransomware Attack

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.