VF Corporation A.I CyberSecurity Scoring
VF Corporation
Company Information
Website:http://www.vfc.com
Employees number:31,955
Number of followers:613,639
NAICS:448
Industry Type:Retail Apparel and Fashion
Homepage:vfc.com
VF Corporation Risk Score (AI oriented)
Between 550 and 599
VF CorporationRetail Apparel and Fashion
Updated:
28/03/2026
28/03/2026
556/1000
Very Poor
Ca
VF Corporation Global Score (TPRM)
xxxx
VF CorporationRetail Apparel and Fashion
Score locked

VF CorporationVery Poor
Current Score
556Ca (VERY POOR)
01000
6 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
570
JUNE 2026
570
MAY 2026
566
APRIL 2026
566
MARCH 2026
555
FEBRUARY 2026
552
JANUARY 2026
548
DECEMBER 2025
542
NOVEMBER 2025
540
OCTOBER 2025
536
SEPTEMBER 2025
531
AUGUST 2025
526
APRIL 2025
565
Breach
01 Apr 2025 • VF Corporation
VF Outdoor
The North Face Data Breach
501
CRITICAL-64
VF-736060625
VF Outdoor, the parent company of outdoor clothing brand The North Face, reported a data breach affecting almost 3,000 customers. The breach, which occurred in April, involved a credential stuffing attack where hackers used stolen login information from other sources to access user accounts. The compromised data included names, addresses, dates of birth, telephone numbers, and purchase history. Payment card information was not compromised as it was stored on a third-party platform.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2025
617
Breach
13 Mar 2025 • VF Corporation
VF Outdoor, LLC
Data Breach at VF Outdoor, LLC
562
LOW-55
VF-242072525
The California Office of the Attorney General reported a data breach involving VF Outdoor, LLC on April 4, 2025. The breach occurred on March 13, 2025, as a result of a credential stuffing attack, potentially affecting user accounts but not directly compromising sensitive payment information.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2023
658
Ransomware
18 Dec 2023 • VF Corporation
VF Corporation: North Face owner, $11 billion VF Corp., hit by ransomware
VF Corporation Hit by Ransomware Attack Under New SEC Disclosure Rules
564
CRITICAL-94
VF-1773260958
VF Corporation Hit by Ransomware Attack Under New SEC Disclosure Rules
VF Corporation, the parent company of major apparel brands including The North Face, Vans, and Timberland, disclosed a ransomware attack that disrupted business operations and resulted in data theft. The incident marks the first "material" cybersecurity breach reported under the U.S. Securities and Exchange Commission’s (SEC) new rules, which took effect on December 15, 2023.
The company detected unauthorized activity on its IT systems on December 13, prompting the activation of its incident response plan and the shutdown of affected systems. The threat actor encrypted portions of VF’s IT infrastructure and exfiltrated data, including personal information. While the full scope and impact remain under investigation, VF acknowledged the attack has already had and is likely to continue having a material impact on its operations.
VF, which employs 33,000 people globally and reported $11.6 billion in annual revenue for fiscal 2023, is working to restore affected systems and implement workarounds to minimize disruptions to retail, e-commerce, and wholesale operations. The company did not disclose whether a ransom demand was made or which ransomware group was responsible.
The attack occurs amid a surge in big-game ransomware incidents, with groups like LockBit and BlackCat leading activity in 2023. Cybersecurity firms, including CrowdStrike and Kroll, report a 51% increase in enterprise-targeted ransomware attacks this year, driven by exploited vulnerabilities, zero-day exploits, and advanced social engineering tactics such as phishing and voice-based scams. The year also saw a record 26,447 software vulnerabilities reported, further escalating cyber risks for organizations.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2023
704
Breach
13 Mar 2023 • VF Corporation
VF Outdoor, LLC
VF Outdoor, LLC Data Breach
637
LOW-67
VF-517072725
The Maine Office of the Attorney General reported that VF Outdoor, LLC experienced a data breach on March 13, 2023, affecting a total of 15,713 individuals, with 27 residents of Maine specifically affected. The breach was discovered on March 13, 2025, and notifications were sent electronically on April 4, 2025. The type of breach was classified as 'Other.'
INCIDENT DETAILS -
TYPE
REFERENCES
JULY 2022
764
Breach
26 Jul 2022 • VF Corporation
VF Outdoor, LLC
Data Breaches at VF Outdoor, LLC (The North Face and Vans)
692
CRITICAL-72
VF-335091725
VF Outdoor, LLC, the parent company of brands like The North Face and Vans, suffered two separate data breaches in mid-2022. The breach at thenorthface.com was identified on August 11, 2022, stemming from a credential stuffing attack initiated on July 26, 2022, which compromised the personal information of approximately 162,823 individuals. The second breach at vans.com involved unauthorized access detected on August 20, 2022, affecting around 32,082 individuals. The attacks exploited reused or weak credentials, allowing threat actors to gain access to customer accounts. While the exact type of data exposed was not fully detailed, such breaches typically involve personal identifiable information (PII), including names, email addresses, and potentially payment or account details. The incidents highlight vulnerabilities in authentication mechanisms, exposing customers to risks like identity theft, phishing, or fraudulent transactions. No ransomware was reported, but the scale and nature of the breach suggest significant reputational and financial repercussions for the company, along with potential regulatory scrutiny under data protection laws like CCPA (California Consumer Privacy Act).
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2021
785
Cyber Attack
24 Oct 2021 • VF Corporation
VF Outdoor, LLC
Timberland Data Breach via Credential Stuffing Attack
759
MEDIUM-26
VF-027091825
The Maine Office of the Attorney General disclosed a data breach affecting VF Outdoor, LLC (operating as Timberland®) on January 26, 2022. The incident, discovered on November 5, 2021, resulted from a credential stuffing attack, compromising the personal data of 48 individuals, including one Maine resident. The exposed information was limited to email addresses and passwords, with no financial data (e.g., payment cards) involved. Credential stuffing exploits reused login credentials from prior breaches to gain unauthorized access to user accounts. While the breach did not escalate to financial fraud or broader systemic damage, it posed risks such as account takeover, phishing, or identity theft for affected users. The company likely initiated password resets and notified impacted individuals, though the scale remained relatively contained. The absence of sensitive financial or high-value personal data (e.g., Social Security numbers) mitigated the severity, but the incident still highlighted vulnerabilities in authentication practices and the persistent threat of automated attacks targeting reused credentials.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for VF Corporation ??
What was VF Corporation's A.I Rankiteo Cyber Score in June 2026 ??
What was VF Corporation's A.I Rankiteo Cyber Score in May 2026 ??
What was VF Corporation's A.I Rankiteo Cyber Score in April 2026 ??
What was VF Corporation's A.I Rankiteo Cyber Score in March 2026 ??
What was VF Corporation's A.I Rankiteo Cyber Score in February 2026 ??
What was VF Corporation's A.I Rankiteo Cyber Score in January 2026 ??
What was VF Corporation's A.I Rankiteo Cyber Score in December 2025 ??
What was VF Corporation's A.I Rankiteo Cyber Score in November 2025 ??
What was VF Corporation's A.I Rankiteo Cyber Score in October 2025 ??
What was VF Corporation's A.I Rankiteo Cyber Score in September 2025 ??
What was VF Corporation's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on VF Corporation's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with VF Corporation ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view VF Corporation's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?