Apparel supplier for North Face, Vans admits its cyberattack led to a data breach of 35 million customers

VF Corp said in December the attack slowed holiday fulfillment.

anilbolukbas via Getty Images

Major apparel supplier VF Corp followed up on its December cyberattack disclosure, with its latest Securities and Exchange Commission form admitting to a data breach impacting up to 35.5 million customers. That means if you've purchased from its major brands like Vans, North Face, Timberland, Dickies and more, you may have been impacted. But VF Corp still insists that the incident won't hurt its financial performance.

Initially, VF Corp warned customers that the cyberattack it experienced in December could have an impact on its holiday order fulfillment. The company said "unauthorized occurrences" on its IT systems caused operational disruptions, and the attackers likely stole personal information. Now, it's come out just how widespread the damage from the attack could be.

VF Corp did not respond to a request for comment clarifying what type of data the hackers stole. In the SEC filing, however, the company said it did not collect consumer social security numbers, bank account information or payment card information, and that there is no evidence the hackers stole passwords. It also said that the unauthorized users were "ejected" from its systems by December 15, after being discovered two days earlier.

"Since the filing of the Original Report, VF has substantially restored the IT systems and data that were impacted by the cyber incident, but continues to work through minor operational impacts," the latest filing states. VF still has not confirmed who was behind the attack.