The North Face says customer data stolen in cyberattack
"Small-scale credential stuffing attack" hit The North Face website

- The North Face has notified customers of a data breach
- Hackers ran a credential stuffing attack on its website and breached customer accounts
- They stole names, addresses, and phone numbers

The North Face has confirmed suffering a credential stuffing attack through which cybercriminals exfiltrated sensitive customer information.
The outdoor clothing and equipment company has filed a new notice with the Vermont Attorney General, which also included the data breach notification letter sent to affected customers.
In the letter, the company said it discovered “unusual activity” on its website on April 23, 2025. The subsequent investigation showed that an unidentified attacker ran a “small-scale credential stuffing attack”, using login credentials obtained elsewhere, most likely purchased from the dark web.
Payment information intact
“Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple websites,” The North Face said. “We encourage all of our customers to use a unique password on our website.”
The crooks made away with people’s shipping addresses, preference information, email addresses, full names, dates of birth, and phone numbers.
“Payment card (credit, debit, or stored value card) information was not compromised on our website,” the company added.
“The attacker could not view your payment card number, expiration date, or your CVV (the short code on the back of your card).”
As The North Face explained, payment data was not taken because it’s not being stored on its servers. The company only retains a token linked to the payment card, while the payment processor retains the details.
“The token cannot be used to initiate a purchase anywhere other than on our website. Accordingly, your credit card information is not at risk as a result of this incident.”
The North Face also said notifying customers wasn’t necessary, given the nature of the stolen information, but still decided to do it “out of an abundance of caution.” Still, names, birth dates, postal addresses, and phone numbers are more than enough information to create custom, convincing phishing emails that can result in identity theft, payment information theft, wire fraud, and more.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.