Fraud risk for Vans customers after data breach

Customers of the footwear brand Vans have been warned they may be at risk of fraud or identity theft following a data breach at its parent company.

VF Group detected "unauthorised activities" on a part of its IT systems in December 2023, Vans say.

It says no detailed financial information or passwords were stolen.

But it added that "it cannot be excluded" that criminals could attempt to misuse the customer data they had obtained.

VF Group also owns other brands including Timberland, The North Face and Dickies. The BBC has asked the company if customers of those brands are also affected.

In an email to its customers, Vans says the data breach was first detected by VF Group on 13 December, and was "apparently carried out by external threat actors."

The company says it "immediately took steps" to deal with the threat, including shutting down affected IT systems and hiring cybersecurity experts. By 15 December, it says, the hackers were ejected.

"Our investigation revealed that the incident has affected some personal information of our customers, that we normally store and process in order to manage online purchases, such as email address, full name, phone number, billing address, shipping address," the email said.

But it added the firm did not "collect or retain" payment or financial data, such as bank account or credit card information, so there was "no chance that any detailed financial information was exposed to the threat actors."

It said it had no information of customers being affected so far but warned the incident "may result in attempts of identity theft, phishing and possibly fraud in general."

It has advised customers to be careful of suspicious emails, texts and telephone calls asking for personal information.

Vans says it has contacted the relevant law enforcement agencies and says it will review its cybersecurity policies.