Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in a credential stuffing attack targeting the company’s website in April.
The North Face is a major American outdoor apparel and gear brand owned by VF Corporation, which also controls Vans, Timberland and Dickies.
The North Face generates more than $3 billion in annual revenue, making it one of the world’s largest outdoor brands, with e-commerce accounting for about 42% of its total sales.
A credential stuffing attack is a type of cyberattack in which threat actors take username-password pairs already exposed in data breaches and try to gain unauthorized access to user accounts by automating login attempts.
The technique is possible thanks to “credential recycling”, which is when people use the same username and password across many online services.
However, if the accounts are protected by multi-factor authentication (MFA), these attacks still fail, even if the password is compromised.
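As an added illustration (not from the original article or from The North Face), the following sketch shows how a defender could flag the login pattern described above: one source trying many distinct usernames, each only a few times, with mostly failed logins. The event format, function name and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded).
# Addresses come from the documentation ranges in RFC 5737.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", i % 25 == 0) for i in range(50)]
    # One person mistyping their own password, then succeeding.
    + [("198.51.100.4", "alice@example.com", False)] * 3
    + [("198.51.100.4", "alice@example.com", True)]
    # Password guessing against a single account (brute force, not stuffing).
    + [("192.0.2.9", "bob@example.com", False)] * 30
)

def find_stuffing_sources(events, min_accounts=20, max_tries_per_account=3,
                          max_success_rate=0.10):
    """Return {ip: stats} for sources whose logins look like credential stuffing.

    Signature: many distinct usernames from one source, few attempts per
    username (each leaked pair is tried once or twice), and mostly failures.
    Thresholds are illustrative assumptions to tune per site.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> username -> tries
    successes = defaultdict(set)                      # ip -> usernames logged in
    for ip, user, ok in events:
        attempts[ip][user] += 1
        if ok:
            successes[ip].add(user)

    flagged = {}
    for ip, per_user in attempts.items():
        total = sum(per_user.values())
        accounts = len(per_user)
        rate = len(successes[ip]) / accounts
        if (accounts >= min_accounts
                and total / accounts <= max_tries_per_account
                and rate <= max_success_rate):
            flagged[ip] = {
                "accounts_tried": accounts,
                "success_rate": round(rate, 2),
                # Accounts that did log in need a forced reset and review.
                "compromised": sorted(successes[ip]),
            }
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, stats)
```

Grouping by source IP is the simplest key; the same counting works with other keys, such as a client fingerprint, when attempts are spread across many addresses.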
The North Face has now started sending data breach notifications to the affected customers, a sample of which has been shared with the Vermont Attorney General. The notice informs customers that the company recently suffered a credential stuffing attack.
“On April 23, 2025, we discovered unusual activity involving our website, NorthFace.com, which we immediately examined,” reads the notice.
“After a careful and quick investigation, we concluded that an attacker launched a small-scale credential stuffing attack against our website on 23 April 2025.”
The data that has been exposed includes the following:
- Full name
- Purchase history
- Shipping address
- Email address
- Date of birth
- Telephone number
It is noted that payment information was not exposed, because an external provider handles payments on the site and The North Face does not retain that data, keeping only the tokens required to process payments.
History of cyber security failures
In the case of The North Face, the decision not to implement MFA on all accounts has come at a significant cost for its customer base, as this is the fourth credential stuffing incident the brand’s site has suffered since 2020.
Earlier this year, its parent company, VF Outdoor, disclosed a credential stuffing attack affecting ‘Northface.com’ and ‘Timberland.com’, discovered on 13 March 2025. That incident exposed 15,700 accounts.
Two similar incidents were revealed in November 2020 and September 2022, affecting more than 200,000 customers.
The most severe cybersecurity incident to hit The North Face was the December 2023 ransomware attack, which was later confirmed to have affected 35,000,000 customers.
BleepingComputer has contacted The North Face to request more information about the latest incident, including how many customers are affected, but we are still waiting for a response.