Powered by MOMENTUMMEDIA
Despite this being the fourth credential stuffing incident The North Face has suffered since 2020, the company makes no mention of offering multifactor authentication (MFA) and continues not to enforce it.
Major outdoor apparel and jacket manufacturer The North Face has disclosed a credential stuffing attack on its network.
The company, which is one of the world’s largest outdoor brands, with over US$3 billion in annual revenue, revealed in a statement that on 23 April 2025, it discovered that a credential stuffing attack had taken place.
For context, credential stuffing is an automated attack in which threat actors replay username and password pairs harvested from other breaches against the target's login page, betting on password reuse: every pair that still works hands them that account and whatever data sits behind it. Because each account typically sees only one or two attempts, per-account lockouts rarely fire, which is why the telltale sign is one source hitting many different accounts rather than one account being hammered.
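As an added illustration (not part of the original article and not The North Face's tooling), the following Python script shows the fan-out pattern that separates credential stuffing from an ordinary user mistyping a password: one source attempting many distinct usernames in a short window, mostly failing, with the handful of successes being the accounts that are now compromised. The log format, IP addresses, usernames and detection thresholds are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (assumed format; not from any real system).
# 203.0.113.10 walks a list of usernames in a few seconds and lands two of
# them; alice fat-fingers her own password twice from her own address.
SAMPLE_LOG = """\
2025-04-23T09:58:10Z 198.51.100.7 POST /login user=alice result=fail
2025-04-23T09:58:25Z 198.51.100.7 POST /login user=alice result=fail
2025-04-23T09:58:40Z 198.51.100.7 POST /login user=alice result=success
2025-04-23T10:00:00Z 203.0.113.10 POST /login user=u01 result=fail
2025-04-23T10:00:01Z 203.0.113.10 POST /login user=u02 result=fail
2025-04-23T10:00:02Z 203.0.113.10 POST /login user=u03 result=fail
2025-04-23T10:00:03Z 203.0.113.10 POST /login user=u04 result=success
2025-04-23T10:00:04Z 203.0.113.10 POST /login user=u05 result=fail
2025-04-23T10:00:05Z 203.0.113.10 POST /login user=u06 result=fail
2025-04-23T10:00:06Z 203.0.113.10 POST /login user=u07 result=fail
2025-04-23T10:00:07Z 203.0.113.10 POST /login user=u08 result=fail
2025-04-23T10:00:08Z 203.0.113.10 POST /login user=u09 result=success
2025-04-23T10:00:09Z 203.0.113.10 POST /login user=u10 result=fail
2025-04-23T10:00:10Z 203.0.113.10 POST /login user=u11 result=fail
2025-04-23T10:00:11Z 203.0.113.10 POST /login user=u12 result=fail
2025-04-23T10:01:30Z 192.0.2.44 POST /login user=bob result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST /login user=(?P<user>\S+) "
    r"result=(?P<result>success|fail)$"
)


def parse_log(text):
    """Parse lines matching LINE_RE into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ip": m["ip"], "user": m["user"], "result": m["result"],
        })
    return events


def detect_stuffing(events, window=timedelta(minutes=10), min_attempts=10,
                    min_users=8, max_success_ratio=0.5):
    """Flag source IPs that, inside any `window`, made at least `min_attempts`
    logins against at least `min_users` distinct usernames and mostly failed.
    Thresholds are illustrative assumptions; tune them to real traffic.
    Returns {ip: {"attempts", "distinct_users", "hits", "first", "last"}}."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        j = 0
        for i in range(len(evs)):
            # Advance j so that evs[i:j] is the window that starts at evs[i].
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            span = evs[i:j]
            users = {e["user"] for e in span}
            hits = [e["user"] for e in span if e["result"] == "success"]
            if (len(span) >= min_attempts and len(users) >= min_users
                    and len(hits) / len(span) <= max_success_ratio):
                findings[ip] = {
                    "attempts": len(span),
                    "distinct_users": len(users),
                    "hits": hits,  # accounts to force-reset and notify first
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                }
                break
    return findings


if __name__ == "__main__":
    for ip, f in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {f['attempts']} attempts against {f['distinct_users']} "
              f"users between {f['first']} and {f['last']}; "
              f"compromised: {f['hits']}")
```

Per-source fan-out is only one signal: real campaigns are spread across residential proxies so that no single address crosses a threshold, so the same logic is usually run on a global failure-rate baseline and on per-username diversity of sources as well. The useful output is the `hits` list, which is exactly the set of accounts a forced reset should target.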
“Following a careful and prompt investigation, we concluded that an attacker had launched a small-scale credential stuffing attack against our website on April 23, 2025,” said the notice.
“We do not believe that the incident involved information that would require us to notify you of a data security breach under applicable law. However, we are notifying you of the incident voluntarily, out of an abundance of caution.
“Based on our investigation, we believe that the attacker previously gained access to your email address and password from another source (not from us) and then used those same credentials to access your account on our website.”
The North Face said that no payment card data was compromised, since card numbers are not viewable on the website; it stores only a payment token that cannot be used anywhere but its own site. Whether a hijacked account could still place orders with that stored token is not addressed in the notice. The company did, however, confirm that other data may have been compromised.
“This information may include products you have purchased on our website, your shipping address(es), your preferences, your email address, your first and last name, your date of birth (if you saved it to your account), and your telephone number (if you saved it to your account),” it said.
Following the incident, The North Face has forced a password reset and recommended that users use unique and strong passwords. Customers should also be on the lookout for phishing attacks.
However, the company has not mentioned enabling MFA, which would have stopped a replayed password from being enough on its own to get into an account: the attacker would have held valid credentials but not the accounts behind them.
The lack of MFA has hurt The North Face before: the company has suffered three previous credential stuffing incidents, affecting 200,000 customers.
Its parent company, VF Corporation, also suffered a ransomware attack in December 2023.
The company – which also owns brands such as Vans and Timberland – said it noticed “unauthorised occurrences” on its network on 13 December.
According to an SEC filing, some IT systems were encrypted in the attack, and some data – including personal data – was stolen.
“The company is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail and brand e-commerce consumers and wholesale customers,” the company said in its filing.
While the group responsible for the attack was initially unknown, the now-defunct ALPHV (also known as BlackCat) claimed responsibility, announcing its role on 28 December.
According to VF Corporation, customer data accessed included email addresses, phone numbers, full names, shipping and billing addresses, and, in some cases, payment method information, order histories and total order values.
The company did, however, say that detailed financial data, such as credit card information, could not have been at risk because it does not hold it.
“Please note that, in any event, we never collect or retain in our IT systems any detailed payment/financial information, such as, for example, bank account or credit card information, so there is no chance that any detailed financial information was exposed to the threat actors,” said VF Corporation.