VF Corp said on Monday that it was looking into cybersecurity incidents that occurred on Dec. 13 and are disrupting the company’s businesses, including hindering the ability of The North Face and Vans’ parent company to fulfill customer orders on its e-commerce websites during the busy holiday season.
The attack is more bad news for the company, which is in the midst of a major turnaround effort that has included significant layoffs, after a string of weak financial results.
The cyberattack stole data and encrypted some IT systems.
“VF-operated retail stores globally are open, and consumers can purchase available merchandise, but VF is experiencing certain operational disruptions,” the company said in an SEC filing. “Consumers are able to place orders on most of the brand e-commerce sites globally, however, the company’s ability to fulfill orders is currently impacted.”
According to the SEC filing, VF Corp is is working to bring the impacted portions of its IT systems back online and implement workarounds to reduce the disruption to serve its retail and brand e-commerce consumers and wholesale customers.
In a statement, the company said the full scope, nature, and impact of the incident are not yet known.
“As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the company’s business operations until recovery efforts are completed,” the statement said.
“The company has not yet determined whether the incident is reasonably likely to materially impact the company’s financial condition or results of operations.”
Shares of VF Corp were down about 5% in pre-market trading after the announcement.
In February, snowboard company Burton was hit by a cyberattack that left the company unable to process online orders for several days.