The North Face is an outdoor apparel company best known for its jackets and footwear. Founded in 1968 by Douglas Tomkins and Susie Tomkins Buell, The North Face has been serving customers for over 50 years.
The breach was a credential-stuffing attack on The North Face's official website. Its sister company, Vans, has also been affected by the hack. It was discovered on August 11th of, 2022, and was stopped on August 19th. The parent company of The North Face, VF Corporation, immediately began sending notification letters to anyone affected.
Hackers achieved the breach through a method called 'credential stuffing.' This is where a hacker will take leaked data and information from another attack or breach and count on what's referred to as 'password recycling.' Password recycling is when you use the same password across accounts. If this is ever done, the hackers can use that one password to access multiple accounts.
The breach occurred on Wednesday, July 6th, 2022.
The breach impacts anyone who has their personal information on thenorthface.com or vans.com. None of the payment information was stored on these websites; The North Face has assured everyone that there was a third party responsible for keeping track of the payments and that there's nothing to worry about regarding payment information.
Almost 200,000 accounts were accessed in the breach, 194,905 to be exact. These included the affected customers' full names, addresses, genders, and phone numbers.