1. Forum
  2. tqwNet
  3. TQW GENTECH

  • The North Face says customer data stolen in cyberattack

    From TechnologyDaily@1337:1/100 to All on Tuesday, June 03, 2025 14:30:10
    The North Face says customer data stolen in cyberattack

    Date:
    Tue, 03 Jun 2025 13:27:00 +0000

    Description:
    A "small-scale credential stuffing attack" took place on The North Face website after crooks obtained credentials elsewhere.

    FULL STORY ======================================================================The North Face has notified customers of a data breach Hackers ran a credential stuffing attack on its website and breached customer accounts They stole names, addresses, and phone numbers

    The North Face has confirmed suffering a credential stuffing attack through which cybercriminals exfiltrated sensitive customer information.

    The outdoor clothing and equipment company has filed a new notice with the Vermont Attorney General which also included the data breach notification letter sent out to affected customers.

    In the letter, the company said it discovered unusual activity on its website on April 23, 2025. The subsequent investigation showed that an unidentified attacker ran a small-scale credential stuffing attack, using login
    credentials obtained elsewhere, most likely purchased from the dark web.

    Save up to 68% on identity theft protection for TechRadar readers

    TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

    Preferred partner ( What does this mean? ) View Deal Payment information intact

    Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple websites, The North Face said. We encourage all of our customers to use a unique password on our website.

    The crooks made away with peoples shipping addresses, preference information, email addresses, full names, dates of birth, and phone numbers.

    Payment card (credit, debit, or stored value card) information was not compromised on our website, the company added.

    The attacker could not view your payment card number, expiration date, or
    your CVV (the short code on the back of your card).

    As The North Face explained, payment data was not taken because its not being stored on its servers. The company only retains a token linked to the payment card, while the payment processor retains the details.

    The token cannot be used to initiate a purchase anywhere other than on our website. Accordingly, your credit card information is not at risk as a result of this incident.

    The North Face also said notifying customers wasnt necessary, given the
    nature of the stolen information, but still decided to do it out of an abundance of caution. Still, names, birth dates, postal addresses, and phone numbers are more than enough information to create custom, convincing
    phishing emails that can result in identity theft , payment information theft and wire fraud, identity theft, and more.

    Via BleepingComputer You might also like Millions of Vans, North Face customers confirmed hit in data breach Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/the-north-face-says-customer-data-stole n-in-cyberattack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)