VF Corp. reported in a regulatory filing that it detected a cybersecurity breach in its systems on December 13 and that it is “reasonably likely to continue to have a material impact on the company’s business operations,” including its ability to fulfill online orders.
VF Corp. said it had not determined whether the breach would impact its financial condition or results of operations materially.
VFC shares were down in the high-single-digits on Monday after the company reported the breach.
The parent of The North Face, Vans, Timberland and Dickies, among others, said, “Upon detecting the unauthorized occurrences, the company immediately began taking steps to contain, assess and remediate the incident, including beginning an investigation with leading external cybersecurity experts, activating its incident response plan and shutting down some systems. The threat actor disrupted the company’s business operations by encrypting some IT systems and stole data from the company, including personal data.”
The company noted that it is working to bring the impacted portion of its IT systems back online and implement workarounds for certain offline operations to reduce service disruption for its retail and brand e-commerce consumers and wholesale customers.
VF said its global VF-operated retail stores are open, and consumers can purchase available merchandise, but VF is experiencing operational disruptions. “Consumers are able to place orders on most of the brand e-commerce sites globally; however, the company’s ability to fulfill orders is currently impacted,” said VF.
“The company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact of the incident and has notified and is cooperating with federal law enforcement. As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known. As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the company’s business operations until recovery efforts are completed. The company has not yet determined whether the incident is reasonably likely to materially impact the company’s financial condition or results of operations,” said VF.
The cybersecurity breach comes on the heels of a recent announcement that VF was cutting 500 jobs to get a handle on expenses as it right-sized the business under new CEO Bracken Darrell. VF vowed to implement a large-scale cost reduction program, which it expects will deliver $300 million in fixed cost savings by removing spending in non-strategic areas, simplifying and right-sizing its structure. An interruption in the company’s ability to deliver e-commerce orders or re-stock retailers could further erode the business.
VF’s brands include The North Face, Timberland, Smartwool, Icebreaker, Altra, Vans, Supreme, Kipling, Napapijri, Eastpak, JanSport, Dickies and Timberland Pro.
Photo courtesy Timberland
