VF Corporation, the parent company of popular brands like Vans and North Face, has confirmed a significant data breach that occurred in December, affecting approximately 35.5 million of its customers.
The breach exposed sensitive information including email addresses, names, phone numbers, billing and shipping addresses. Additionally, details regarding payment methods, order history, and total order value were compromised in certain instances.
While VF Corporation reassured customers that bank account and credit card information were not accessed by fraudsters, concerns remain about potential identity theft, phishing, and other fraudulent activities that could stem from the breach, depending on the specific personal data exposed. Despite this, the company stated that there is "no evidence" suggesting illicit use of compromised personal information such as phone numbers, emails, addresses, or names.
The disclosure of the breach came a month after its detection on December 13, with VF Corporation acknowledging the disruption to its business operations and the impact on its ability to serve customers. Though the company did not explicitly label the incident as ransomware in its regulatory filings, the nature of the attack, involving encryption of IT systems and data theft, bears similarities to such attacks.
While VF Corporation disclosed the breach concurrently with recommendations from the U.S. Securities and Exchange Commission regarding data breach disclosures, concerns persist about the effectiveness of existing cybersecurity regulations in the United States.
Research from George Mason University and the University of Minnesota suggests that breach notification laws (BNLs), which require businesses to inform customers of data compromises, have not been effective in reducing the frequency of data breaches. Despite these laws being enacted by all 50 states, the study found no significant decline in data misuse following breaches, regardless of various factors such as duration, types of breaches, and affected companies.