Cyber Incident Victim: VF Corporation

Date: Jul 2022

Location: United States of America

Summary

The North Face experienced a credential stuffing attack compromising approximately 200,000 customer accounts, leveraging reused credentials from prior breaches to access accounts on its e-commerce platform. Attackers obtained personal data including names, addresses, purchase histories, and loyalty program records, though financial information remained protected through third-party payment tokenization. The company mitigated the breach by resetting all user passwords, invalidating payment tokens for affected accounts, and notifying impacted customers, marking the second such incident involving credential stuffing against the retailer.

Description

The North Face experienced a credential stuffing attack targeting its thenorthface.com website, beginning on July 26, 2022. Threat actors leveraged previously breached email and password combinations to gain unauthorized access to customer accounts, exploiting the reuse of credentials across multiple platforms. The attack remained undetected until August 11, 2022, when website administrators identified anomalous activity. After investigation, The North Face confirmed the attackers compromised 194,905 accounts before the incident was fully contained on August 19, 2022. Accessed customer data included full names, purchase histories, billing and shipping addresses, telephone numbers, account creation dates, gender information, and XPLR Pass reward program records. Payment card details were not exposed, as the site stored only tokenized references to credit cards handled exclusively by a third-party processor. These tokens lacked utility outside the thenorthface.com ecosystem and could not be used to initiate transactions elsewhere.

VF Corporation, The North Face’s parent company, initiated breach notifications to affected customers following the incident. The organization reset all user account passwords and purged payment card tokens from compromised accounts, requiring impacted customers to establish new passwords and re-enter payment details for future purchases. The breach notification emphasized the importance of adopting unique, robust passwords and urgently changing credentials reused across other online services. This marked the second credential stuffing incident impacting The North Face within two years, following a similar attack in November 2020 that also necessitated password resets. The attack’s operational disruption required customers to update account credentials and payment methods, while the exposure of personal information created potential risks for targeted phishing or identity theft attempts against affected individuals.
