Comparison Overview

VF Corporation

VS

C&A

VF Corporation

VF Corporation, Denver, CO, US, 80202
Last Update: 2026-01-18
View Profile
Between 600 and 649
http://www.vfc.com

VF Corporation is one of the world’s largest apparel, footwear and accessories companies connecting people to the lifestyles, activities and experiences they cherish most through a family of iconic outdoor, active and workwear brands including Vans®, The North Face®, Timberland® and Dickies®. Our purpose is to power movements of sustainable and active lifestyles for the betterment of people and our planet. We believe that when you discover the difference between a career and a calling, you get so much more out of life. When those lines begin to blur, you start to limit yourself much less and start aiming for more. That’s what we want for everyone who joins us at VF. And frankly, that’s what it takes to thrive here too. For more information, please visit vfc.com.

NAICS: 448
NAICS Definition: Clothing and Clothing Accessories Stores
Employees: 28,984
Subsidiaries: 0
12-month incidents
0
Known data breaches
4
Attack type number
2
View Profile

C&A

Wanheimer Strasse 70, Düsseldorf, NRW, DE, 40468
Last Update: 2026-01-25
Between 750 and 799
http://www.c-a.com

Ever since our founding by the brothers Clemens and August in 1841, C&A has been at the forefront of fashion. From making 'ready-to-wear'​ a thing when custom-made was the norm, to popularising miniskirts in the 60s, introducing the Com-bi-kini in the 70s, Bio Cotton in early 2000 and the first Cradle-to-Cradle Gold certified garment (www.c-a.com/c2c) in 2017 - we have always evolved with the times, making stylish and quality clothes possible for everyone. And while C&A and the world around us has changed over the decades, one thing has remained the same: our dedication to offering sustainable and quality fashion for the entire family. Each day we welcome millions of visitors in about 1300 stores across 17 European countries. C&A is one of the most enduring and pioneering retailer brands in global apparel. That is because, for us the future is not tomorrow, or next quarter. We think in generations. This also means that we aspire for a future fashion industry that is more innovative and sustainable; one that has moved towards a circular future, and promotes a cycle of use, reuse and rebirth of clothing. That future will be possible because of our remarkable colleagues. From customer friendly Sales Associates to stylish Designers and expert Merchandise Planners – we all share a common passion and respect for our customers, our planet and each other. Do you see yourself as part of this strong team? Then visit us on https://www.c-and-a.com/eu/en/corporate/company/careers/start to browse our job opportunities - and join the company! Imprint: https://www.c-and-a.com/de/de/corporate/impressum/

NAICS: 448
NAICS Definition: Clothing and Clothing Accessories Stores
Employees: 19,405
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/vf-corporation.jpeg
VF Corporation
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/c&a.jpeg
C&A
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
VF Corporation
100%
Compliance Rate
0/4 Standards Verified
C&A
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Retail Apparel and Fashion Industry Average (This Year)

No incidents recorded for VF Corporation in 2026.

Incidents vs Retail Apparel and Fashion Industry Average (This Year)

No incidents recorded for C&A in 2026.

Incident History — VF Corporation (X = Date, Y = Severity)

VF Corporation cyber incidents detection timeline including parent company and subsidiaries

Incident History — C&A (X = Date, Y = Severity)

C&A cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/vf-corporation.jpeg
VF Corporation
Incidents

Date Detected: 4/2025
Type:Breach
Attack Vector: Credential Stuffing
Motivation: Unauthorized Access
Blog: Blog

Date Detected: 3/2025
Type:Breach
Attack Vector: Credential Stuffing
Blog: Blog

Date Detected: 3/2023
Type:Breach
Blog: Blog
https://images.rankiteo.com/companyimages/c&a.jpeg
C&A
Incidents

No Incident

FAQ

C&A company demonstrates a stronger AI Cybersecurity Score compared to VF Corporation company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

VF Corporation company has historically faced a number of disclosed cyber incidents, whereas C&A company has not reported any.

In the current year, C&A company and VF Corporation company have not reported any cyber incidents.

Neither C&A company nor VF Corporation company has reported experiencing a ransomware attack publicly.

VF Corporation company has disclosed at least one data breach, while the other C&A company has not reported such incidents publicly.

VF Corporation company has reported targeted cyberattacks, while C&A company has not reported such incidents publicly.

Neither VF Corporation company nor C&A company has reported experiencing or disclosing vulnerabilities publicly.

Neither VF Corporation nor C&A holds any compliance certifications.

Neither company holds any compliance certifications.

Neither VF Corporation company nor C&A company has publicly disclosed detailed information about the number of their subsidiaries.

VF Corporation company employs more people globally than C&A company, reflecting its scale as a Retail Apparel and Fashion.

Neither VF Corporation nor C&A holds SOC 2 Type 1 certification.

Neither VF Corporation nor C&A holds SOC 2 Type 2 certification.

Neither VF Corporation nor C&A holds ISO 27001 certification.

Neither VF Corporation nor C&A holds PCI DSS certification.

Neither VF Corporation nor C&A holds HIPAA certification.

Neither VF Corporation nor C&A holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Published
Date
2026-01-23
Updated
Date
2026-01-23
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References
Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.

Published
Date
2026-01-23
Updated
Date
2026-01-23
References
Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.

Published
Date
2026-01-23
Updated
Date
2026-01-23
References
Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Published
Date
2026-01-23
Updated
Date
2026-01-23
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.

Published
Date
2026-01-23
Updated
Date
2026-01-23
References