
VF Corp-owned The North Face said that names and email addresses were among the data accessed in the cyberattack.
The company assured that no payment card information was compromised as card details such as numbers, CVVs, and expiry dates are processed by a third party and are not stored on The North Face’s website.
It has notified its customers about the cyber-attack and advised those impacted to reset their passwords as a precautionary measure.
According to The North Face, the perpetrators employed a method known as “credential stuffing.” This approach involves cybercriminals using previously compromised usernames and passwords from other data breaches, betting on the possibility that individuals might have recycled their login credentials across various online platforms.
The brand indicated that through this tactic, there’s a chance that the attackers accessed certain customer information, including shipping addresses and records of past purchases.
The notice filed with the Vermont Attorney General’s Office stated: “Based on our investigation, we believe that the attacker previously gained access to your email address and password from another source (not from us) and then used those same credentials to access your account on our website.”

US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData“We strongly encourage you not to use the same password for your account at our website that you use on other websites. If a breach occurs on one of those other websites, an attacker could use your email address and password to access your account at our website,” the notice read.
VF was also impacted by a separate cyber-attack in December 2023. This incident affected Vans, another brand, with customers being alerted about potential risks to their information.
The cybersecurity incident on a US brand follows a recent warning from Google that hackers previously associated with a string of ransomware attacks on retailers in the UK, have shifted focus to businesses based in the US.
“US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programmes,” John Hultquist, an analyst at Google’s cybersecurity arm, said in a statement.
In related incidents last month, sportswear giant Adidas reported that certain consumer data were accessed by unauthorised external party through a third-party customer service provider.
The affected data consists of contact information relating to consumers who had contacted its customer service help desk in the past. No passwords, credit card or any other payment-related information were compromised.
Additionally, UK retailer Marks & Spencer paused online and app orders following an April cyberattack.
The retailer anticipated an impact of approximately £300m on its operating profit for fiscal year 2025/26 before any countermeasures.
In response to increasing cases of cyberattacks, web intelligence experts Oxylabs CEO Julius Cerniauskas said: “Retailers must respond with more than apologies. Proactive steps like enforcing multi-factor authentication, tightening access controls, and constantly monitoring for threats are now essential. Trust is hard-won in the digital age – and easily lost. For today’s brands, cybersecurity is no longer just an IT function. It’s a business-critical priority.”