Dutch IT Channel reported that clothing and shoe manufacturer Vans warns of a data breach. A cyber attack involves the capture of customer data, which puts them at risk of becoming a target of fraud or identity theft, among other things.
Parent company VF Group reported detecting ‘unauthorized activities’ on part of its IT systems in December last year. According to the company, no detailed financial information or passwords were stolen. However, VF Groep cannot rule out that criminals will attempt to abuse the customer data obtained. It is not clear whether customers of Timberland, The North Face and Dickies, other brands in the group, are also affected.
No financial information
Vans said in an email to its customers that the data breach was first discovered on December 13, and was “apparently carried out by third-party threat actors.” It says it has taken immediate steps to address the threat, including shutting down affected IT systems and hiring cybersecurity experts. The hackers were removed on December 15, the company reports.
“Investigations have shown that the incident compromised some of our customers’ personal data that we normally store and process to manage online purchases, such as email address, full name, phone number, billing address and shipping address,” the email said. However, the company does not collect or store payment or financial data, such as bank account or credit card details, “so there was no chance of detailed financial information being exposed to the attackers.”
The company warns that the incident “could lead to attempts at identity theft, phishing and possibly fraud in general.” Vans advises customers to be cautious of suspicious emails, texts and phone calls requesting personal information. Vans further says it has contacted relevant law enforcement agencies and says it will review its cybersecurity policies.