Particle.news

Download on the App Store

The North Face Notifies 1,500 Customers of April Credential-Stuffing Breach

Exposure of personal data prompted The North Face to overhaul its cybersecurity measures as it urged customers to reset compromised credentials

Image
Image
Image

Overview

  • On April 23, attackers executed a small-scale credential-stuffing attack using stolen usernames and passwords to access customer accounts
  • Up to 1,500 shoppers may have had names, email addresses, shipping addresses and dates of birth exposed, but no payment card data was held on the site
  • VF Corp voluntarily alerted affected customers in early June despite no legal obligation to do so, citing an abundance of caution
  • The company has strengthened its security infrastructure and recommended that all users adopt unique passwords and enable two-factor authentication
  • The breach follows similar incidents at Cartier, Marks & Spencer and Victoria’s Secret, highlighting a broader spike in credential-stuffing attacks across retail