A Vans count on is seen in Hong Kong.
Budrul Chukrut | LightRocket | Getty Images
Shares of The North Face and Vans proprietor VF Corp. tumbled Monday after the company reported that a hack had affected its ability to fulfill some bids ahead of the holidays.
The company said hackers encrypted “some” systems and made off with personal data. Those are some symbols of ransomware, where attackers try to extort companies in exchange for hefty payment. VF Corp. declined to comment on whether the skirmish was a ransomware attack.
The stock closed down more than 7% Monday.
VF Corp. announced the incident on the unchanged day that the U.S. Securities and Exchange Commission’s new cyber disclosure rules took effect. Those regulations mandate that companies narrate “material cybersecurity incidents” to their investors within four days of determining that a hack would include an effect on their bottom lines. VF Corp. first identified hackers in its system on Dec. 13, meaning it took more little time for the company to identify the threat as material.
The attack is expected to hit the company’s operations in the lead up to the critical sabbatical shopping period. The company said the breach has affected its ability to fulfill orders, but customers will still be competent to place them online.
The full scope of the attack is still not known, and it will likely continue to have a concrete impact until recovery efforts are complete, the company said.
The new SEC rules are designed to give investors a clearer fancy of how attacks can harm businesses. When casino firm Caesars Entertainment was breached earlier this year, for case, the company quietly paid a $15 million ransom, sources previously told CNBC. Only after MGM Turn ti was hit by the same attacker did Caesars disclose that it had been affected.
Under the new disclosure obligations, Caesars likely last wishes a have had to report the hack and the payment much earlier. Regulators and law enforcement strongly discourage companies from remittance ransoms. But given the debilitating effects that cyber disruptions can have, many companies do so anyway.
VF Corp. is the current major company to be hit a by cyberattack that disrupted company operations. In addition to Caesars and MGM, Clorox was hit by a breach that retarded the company from keeping its items on store shelves earlier this year.