Earlier this year, Vans parent group VF Group disclosed a cyber incident. At the time, I said this:
The filing did not say specifically what kinds of personal data was taken or if any corporate data was stolen but VF Corp said it does not retain consumer Social Security numbers, bank account information, or payment card information for its consumer businesses.
Now Vans has put out a statement. And here’s the key part that you should pay attention to:
Our investigation revealed that the incident has affected some personal information of our customers, that we normally store and process in order to manage online purchases, such as email address, full name, phone number, billing address, shipping address. In certain cases, the affected data may also include order history, total order value, information about what payment method was used for the purchases.
Please note that, in any event, we never collect or retain in our IT systems any detailed payment/financial information, such as, for example, bank account or credit card information, so there is no chance that any detailed financial information was exposed to the threat actors. The information we hold is only what payment method was used for the purchases (for example “credit card”, “Paypal”, or “bank account payment”), with no additional details attached.
We can also confirm that no consumers’ passwords were exposed to the threat actors, so you can rest assured that the security of your online accounts was not affected as a result of this incident.
The evidence collected indicates that the affected data set may include one or more of the above personal data categories relating to you, since you previously interacted online with Vans, and possibly with other Brands belonging to the VF Group.
Darren Williams, CEO and Founder, BlackFog:
“The attack on VF Group is a clear example that securing data must be at the forefront of retailers’ minds. The safety of customers must be of the utmost priority, otherwise, as we can see, loyal customers can quickly turn to victims. VF Group now risks not only financial but reputational damage which can last for years. To avoid becoming the next example, companies must invest in the latest anti data exfiltration technology to prevent any unauthorized data from leaving their systems.”
That’s not exactly reassuring if you are a customer of Vans. And it took way too long to get to this point. That really doesn’t make me want to buy from Vans going forward.
Related
This entry was posted on March 20, 2024 at 2:34 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Vans Provides Further Information On Data Breach With Bad News For Their Customers
Earlier this year, Vans parent group VF Group disclosed a cyber incident. At the time, I said this:
The filing did not say specifically what kinds of personal data was taken or if any corporate data was stolen but VF Corp said it does not retain consumer Social Security numbers, bank account information, or payment card information for its consumer businesses.
Now Vans has put out a statement. And here’s the key part that you should pay attention to:
Our investigation revealed that the incident has affected some personal information of our customers, that we normally store and process in order to manage online purchases, such as email address, full name, phone number, billing address, shipping address. In certain cases, the affected data may also include order history, total order value, information about what payment method was used for the purchases.
Please note that, in any event, we never collect or retain in our IT systems any detailed payment/financial information, such as, for example, bank account or credit card information, so there is no chance that any detailed financial information was exposed to the threat actors. The information we hold is only what payment method was used for the purchases (for example “credit card”, “Paypal”, or “bank account payment”), with no additional details attached.
We can also confirm that no consumers’ passwords were exposed to the threat actors, so you can rest assured that the security of your online accounts was not affected as a result of this incident.
The evidence collected indicates that the affected data set may include one or more of the above personal data categories relating to you, since you previously interacted online with Vans, and possibly with other Brands belonging to the VF Group.
Darren Williams, CEO and Founder, BlackFog:
“The attack on VF Group is a clear example that securing data must be at the forefront of retailers’ minds. The safety of customers must be of the utmost priority, otherwise, as we can see, loyal customers can quickly turn to victims. VF Group now risks not only financial but reputational damage which can last for years. To avoid becoming the next example, companies must invest in the latest anti data exfiltration technology to prevent any unauthorized data from leaving their systems.”
That’s not exactly reassuring if you are a customer of Vans. And it took way too long to get to this point. That really doesn’t make me want to buy from Vans going forward.
Share this:
Like this:
Related
This entry was posted on March 20, 2024 at 2:34 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.