Footwear giant Vans has recently issued a warning to its customers, alerting them to potential risks of fraud and identity theft following a data breach at its parent company, VF Group.
Detected in December 2023, the breach raised concerns over unauthorised activities within a segment of VF Group’s IT systems. While Vans assures customers that no detailed financial information or passwords were compromised, the company acknowledges the possibility that criminals may attempt to misuse the accessed customer data. VF Group, which also owns brands like Timberland, The North Face, and Dickies, is yet to confirm whether customers of these brands are affected by the breach.
According to Vans, the breach was initially detected on 13th December and was attributed to “external threat actors”. External threat actors are individuals or entities from outside the organisation who lack authorised access to the organisation’s information systems, data, or physical resources.
Immediate measures were taken to address the threat, including the shutdown of affected IT systems and the engagement of cybersecurity experts. By 15th December, the hackers were successfully removed from the system. However, an investigation revealed that certain personal information of customers, such as email addresses, full names, phone numbers, and addresses used for online purchases, may have been compromised.
Despite the breach, Vans emphasises that it does not collect or retain sensitive financial data, such as bank account or credit card information, thereby minimising the risk of financial fraud. Nevertheless, the company urges customers to remain vigilant against potential threats, including identity theft, phishing attempts, and fraud. Customers are advised to exercise caution when responding to suspicious emails, texts, or phone calls requesting personal information.
In response to the breach, Vans has taken proactive steps to address the incident, including collaboration with law enforcement agencies and a review of its cybersecurity policies. While there have been no reported incidents of customer harm so far, the company remains committed to safeguarding the privacy and security of its customers’ data. As the investigation continues, Vans reassures customers of its dedication to mitigating any potential risks and maintaining transparency throughout the process.
What Should You Do if You Are Affected by a Data Breach?
If you find yourself affected by a data breach from an organisation you’re a customer of, it’s important to take prompt action. Firstly, reach out to the organisation through their official website or social media channels to confirm the details of the breach and understand how you’re affected. Avoid using any links or contact details provided in messages you may have received, as they could be fraudulent. Be aware that during a major breach, the organisation may not be able to respond to all calls immediately.
Stay vigilant for suspicious messages that may be sent to you after the breach becomes public knowledge. Official organisations like your bank will never request personal information from you, so be cautious of any messages urging you to reset passwords or provide sensitive details. If you receive a suspicious message containing a password you’ve used before, change it immediately, along with any other accounts using the same password.
Monitor your online accounts for any signs of unauthorised activity, such as login attempts from unfamiliar locations or changes to security settings. If you suspect any account has been accessed without your permission, refer to guidance from the NCSC on recovering hacked accounts. Additionally, use online tools like haveibeenpwned.com to check if your details have appeared in any other public data breaches. These steps can help mitigate the impact of a data breach and safeguard your personal information.
