- The North Face has notified customers of a data breach
- Hackers ran a credential stuffing attack on its site and breached customer accounts
- They stole names, addresses and phone numbers
The North Face has confirmed it suffered a credential stuffing attack, through which cybercriminals exfiltrated sensitive customer information.
The outdoor clothing and equipment company has filed a new notice with the Vermont Attorney General, which also included the notification letter sent to the affected customers.
In the letter, the company said it discovered “unusual activity” on its site on April 23, 2025. The subsequent investigation showed that an unidentified attacker was running a “small credential stuffing attack” using login credentials obtained elsewhere, most likely purchased from the dark web.
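The kind of “unusual activity” that replayed login credentials produce can be spotted in authentication logs. The following is an added example, not code from North Face or the original article: it flags sources that try many distinct accounts and mostly fail, and lists the accounts that were actually breached. The event layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, login_succeeded).
# 203.0.113.7 replays a leaked list; 198.51.100.4 is one user mistyping a password.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", i % 25 == 0) for i in range(100)]
    + [("198.51.100.4", "alice@example.com", False)] * 3
    + [("198.51.100.4", "alice@example.com", True)]
    + [("192.0.2.9", "bob@example.com", True)]
)


def find_stuffing_sources(events, min_accounts=20, max_success_ratio=0.10):
    """Flag sources that attempt many distinct accounts with a low success rate.

    Thresholds are illustrative assumptions, not values from the article.
    """
    per_ip = defaultdict(lambda: {"accounts": set(), "attempts": 0, "hits": set()})
    for ip, user, ok in events:
        stats = per_ip[ip]
        stats["accounts"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["hits"].add(user)

    flagged = {}
    for ip, stats in per_ip.items():
        ratio = len(stats["hits"]) / stats["attempts"]
        # Many usernames from one source, few of them working: a replayed list,
        # not a single user retrying a forgotten password.
        if len(stats["accounts"]) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = {
                "accounts_tried": len(stats["accounts"]),
                "success_ratio": round(ratio, 2),
                # Accounts the source logged into: force a reset and notify.
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, report in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, report)
```

Grouping by source IP alone misses attacks spread across many addresses, so production detection usually also groups by other request attributes and watches the site-wide failed-login rate.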
Payment information intact
“Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple sites,” North Face said. “We encourage all our customers to use a unique password on our website.”
The attackers got away with people’s shipping addresses, preference information, email addresses, full names, birth dates and phone numbers.
“Payment card (credit, debit or stored value card) information was not compromised on our site,” the company added.
“The attacker couldn’t see your debit card number, expiry date or your CVV (the short code on the back of your card).”
As North Face explained, payment data was not taken because it is not stored on its servers. The company retains only a token associated with the payment card, while the payment processor retains the details.
“The token cannot be used to initiate a purchase anywhere other than on our site. Therefore, your credit card information is not at risk as a result of this incident.”
North Face also said that notifying customers was not required given the nature of the stolen information, but it still decided to do so “out of an abundance of caution.” Still, names, birth dates, postal addresses and phone numbers are more than enough information to craft tailored, convincing phishing emails that can lead to identity theft, theft of payment information, wire fraud and more.
Via BleepingComputer



