VF Corp, the parent company of popular clothing brands like Vans, Supreme, and The North Face, announced on Thursday that hackers had stolen the personal data of 35.5 million customers in a cyberattack that took place in December.
The Denver, Colorado-based company reported the data breach to regulatory bodies in a filing on Thursday. The filing did not specify the exact type of personal data that was compromised, nor did it indicate whether the company knows what was stolen. Colin Wheeler, a spokesperson for VF Corp., did not respond to a TechCrunch email seeking further information.
VF Corp. stated that it does not store consumers' social security numbers, bank account information, or payment card data for its consumer-facing businesses and has no evidence that hackers stole customer passwords.
Previously, VF Corp. had stated that hackers had disrupted its operations by "encrypting certain computer systems," suggesting a ransomware attack. Later, the ransomware and extortion group known as ALPHV (or BlackCat) claimed responsibility for the breach.
VF had stated at the time of the incident that it was experiencing operational disruptions and its "ability to fulfill orders." In Thursday's filing, VF said it is "still experiencing residual minor impacts from the cyber incident," but has caught up with order fulfillment that had been delayed.
The company stated that it has "substantially restored the computer systems and data that were impacted by the cyber incident but continues to work on minor operational impacts."