Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
VF Corporation

VF Corporation Vendor Cyber Rating & Cyber Score

vfc.com

VF is redefining what it means to be the world’s best apparel, footwear and equipment company, powering iconic active lifestyle brands including The North Face®, Vans® and Timberland®.


VF Corporation A.I CyberSecurity Scoring

VF Corporation
Company Information
Website:http://www.vfc.com
Employees number:31,955
Number of followers:613,639
NAICS:448
Industry Type:Retail Apparel and Fashion
Homepage:vfc.com
VF Corporation Risk Score (AI oriented)
Between 550 and 599
logo
VF CorporationRetail Apparel and Fashion
Updated:
28/03/2026
556/1000
Very Poor
Ca
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
VF Corporation Global Score (TPRM)
xxxx
logo
VF CorporationRetail Apparel and Fashion
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

VF Corporation
VF CorporationVery Poor
Current Score
556Ca (VERY POOR)
01000
6 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
570Before Incident
JUNE 2026
570Before Incident
MAY 2026
566Before Incident
APRIL 2026
566Before Incident
MARCH 2026
555Before Incident
FEBRUARY 2026
552Before Incident
JANUARY 2026
548Before Incident
DECEMBER 2025
542Before Incident
NOVEMBER 2025
540Before Incident
OCTOBER 2025
536Before Incident
SEPTEMBER 2025
531Before Incident
AUGUST 2025
526Before Incident
APRIL 2025
565Before Incident
Breach
01 Apr 2025VF Corporation
VF Outdoor

The North Face Data Breach

501After Incident
CRITICAL-64
VF-736060625
VF Outdoor, the parent company of outdoor clothing brand The North Face, reported a data breach affecting almost 3,000 customers. The breach, which occurred in April, involved a credential stuffing attack where hackers used stolen login information from other sources to access user accounts. The compromised data included names, addresses, dates of birth, telephone numbers, and purchase history. Payment card information was not compromised as it was stored on a third-party platform.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Unauthorized Access
IMPACT
NamesAddressesDates of BirthTelephone NumbersPurchase HistoryRetail Website
DATA BREACH
Personal InformationPurchase HistoryNumber Of Records Exposed: 2,861NamesAddressesDates of BirthTelephone Numbers
MARCH 2025
617Before Incident
Breach
13 Mar 2025VF Corporation
VF Outdoor, LLC

Data Breach at VF Outdoor, LLC

562After Incident
LOW-55
VF-242072525
The California Office of the Attorney General reported a data breach involving VF Outdoor, LLC on April 4, 2025. The breach occurred on March 13, 2025, as a result of a credential stuffing attack, potentially affecting user accounts but not directly compromising sensitive payment information.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
User AccountsPayment Information Risk: Low
DATA BREACH
User Accounts
DECEMBER 2023
658Before Incident
Ransomware
18 Dec 2023VF Corporation
VF Corporation: North Face owner, $11 billion VF Corp., hit by ransomware

VF Corporation Hit by Ransomware Attack Under New SEC Disclosure Rules

564After Incident
CRITICAL-94
VF-1773260958
VF Corporation Hit by Ransomware Attack Under New SEC Disclosure Rules VF Corporation, the parent company of major apparel brands including The North Face, Vans, and Timberland, disclosed a ransomware attack that disrupted business operations and resulted in data theft. The incident marks the first "material" cybersecurity breach reported under the U.S. Securities and Exchange Commission’s (SEC) new rules, which took effect on December 15, 2023. The company detected unauthorized activity on its IT systems on December 13, prompting the activation of its incident response plan and the shutdown of affected systems. The threat actor encrypted portions of VF’s IT infrastructure and exfiltrated data, including personal information. While the full scope and impact remain under investigation, VF acknowledged the attack has already had and is likely to continue having a material impact on its operations. VF, which employs 33,000 people globally and reported $11.6 billion in annual revenue for fiscal 2023, is working to restore affected systems and implement workarounds to minimize disruptions to retail, e-commerce, and wholesale operations. The company did not disclose whether a ransom demand was made or which ransomware group was responsible. The attack occurs amid a surge in big-game ransomware incidents, with groups like LockBit and BlackCat leading activity in 2023. Cybersecurity firms, including CrowdStrike and Kroll, report a 51% increase in enterprise-targeted ransomware attacks this year, driven by exploited vulnerabilities, zero-day exploits, and advanced social engineering tactics such as phishing and voice-based scams. The year also saw a record 26,447 software vulnerabilities reported, further escalating cyber risks for organizations.
INCIDENT DETAILS -
TYPE
ransomware
IMPACT
Data Compromised: personal informationSystems Affected: IT infrastructureOperational Impact: disrupted business operations, material impact on operations
DATA BREACH
Type Of Data Compromised: personal informationData Exfiltration: yesPersonally Identifiable Information: yes
MARCH 2023
704Before Incident
Breach
13 Mar 2023VF Corporation
VF Outdoor, LLC

VF Outdoor, LLC Data Breach

637After Incident
LOW-67
VF-517072725
The Maine Office of the Attorney General reported that VF Outdoor, LLC experienced a data breach on March 13, 2023, affecting a total of 15,713 individuals, with 27 residents of Maine specifically affected. The breach was discovered on March 13, 2025, and notifications were sent electronically on April 4, 2025. The type of breach was classified as 'Other.'
INCIDENT DETAILS -
TYPE
Data Breach
JULY 2022
764Before Incident
Breach
26 Jul 2022VF Corporation
VF Outdoor, LLC

Data Breaches at VF Outdoor, LLC (The North Face and Vans)

692After Incident
CRITICAL-72
VF-335091725
VF Outdoor, LLC, the parent company of brands like The North Face and Vans, suffered two separate data breaches in mid-2022. The breach at thenorthface.com was identified on August 11, 2022, stemming from a credential stuffing attack initiated on July 26, 2022, which compromised the personal information of approximately 162,823 individuals. The second breach at vans.com involved unauthorized access detected on August 20, 2022, affecting around 32,082 individuals. The attacks exploited reused or weak credentials, allowing threat actors to gain access to customer accounts. While the exact type of data exposed was not fully detailed, such breaches typically involve personal identifiable information (PII), including names, email addresses, and potentially payment or account details. The incidents highlight vulnerabilities in authentication mechanisms, exposing customers to risks like identity theft, phishing, or fraudulent transactions. No ransomware was reported, but the scale and nature of the breach suggest significant reputational and financial repercussions for the company, along with potential regulatory scrutiny under data protection laws like CCPA (California Consumer Privacy Act).
INCIDENT DETAILS -
TYPE
Data BreachCredential StuffingUnauthorized Access
IMPACT
thenorthface.comvans.com
DATA BREACH
162,82332,082
OCTOBER 2021
785Before Incident
Cyber Attack
24 Oct 2021VF Corporation
VF Outdoor, LLC

Timberland Data Breach via Credential Stuffing Attack

759After Incident
MEDIUM-26
VF-027091825
The Maine Office of the Attorney General disclosed a data breach affecting VF Outdoor, LLC (operating as Timberland®) on January 26, 2022. The incident, discovered on November 5, 2021, resulted from a credential stuffing attack, compromising the personal data of 48 individuals, including one Maine resident. The exposed information was limited to email addresses and passwords, with no financial data (e.g., payment cards) involved. Credential stuffing exploits reused login credentials from prior breaches to gain unauthorized access to user accounts. While the breach did not escalate to financial fraud or broader systemic damage, it posed risks such as account takeover, phishing, or identity theft for affected users. The company likely initiated password resets and notified impacted individuals, though the scale remained relatively contained. The absence of sensitive financial or high-value personal data (e.g., Social Security numbers) mitigated the severity, but the incident still highlighted vulnerabilities in authentication practices and the persistent threat of automated attacks targeting reused credentials.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Email addressesPasswordsIdentity Theft Risk: Potential (due to exposed credentials)Payment Information Risk: None
DATA BREACH
Email addressesPasswordsSensitivity Of Data: Moderate (credentials)Data Exfiltration: YesPersonally Identifiable Information: Partial (email addresses)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for VF Corporation ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in June 2026 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in May 2026 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in April 2026 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in March 2026 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in February 2026 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in January 2026 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in December 2025 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in November 2025 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in October 2025 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in September 2025 ?
?
What was VF Corporation's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on VF Corporation's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with VF Corporation ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view VF Corporation's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?