Overview

• The April 23 attack was a small-scale credential stuffing operation that exploited reused user credentials to break into US accounts on thenorthface.com.
• Compromised data included customer names, purchase histories, shipping addresses, email addresses, dates of birth and phone numbers, but third-party payment processors retained card details.
• The North Face has voluntarily notified affected account holders, reset their passwords and urged them to adopt unique credentials.
• This incident is the fourth credential stuffing breach since 2020, underscoring security gaps from the brand’s decision not to enforce multi-factor authentication.
• The breach follows a December 2023 ransomware attack at parent VF Corporation that exposed data on 35 million customers.