Apparel maker Varsity Brands says data breach impacted over 65,000 customers

American apparel company Varsity Brands said that the data security incident it suffered earlier this year compromised the sensitive personal information of more than 65,000 individuals.

 

Based in Dallas, Texas, and owned by the private equity firm Kohlberg Kravis Roberts, Varsity is the leading provider of cheerleading, dance, and performing arts competitions, apparel, uniforms, footwear, training camps, and yearbooks.

 

In a data breach notice filed with the Office of Maine Attorney General, Varsity Brands said that on May 24, it identified unusual activity in its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to contain the incident, including taking several systems offline and notified law enforcement authorities about the incident.

 

“After shutting down the unusual activity, we determined that an unauthorised third party obtained a small subset of company files,” Varsity said.

 

“Prior to the incident, Varsity Brands had a number of security measures in place. Upon discovering the incident, we promptly rotated credentials, implemented additional safeguards, reinforced our security practices, and we are actively reviewing our systems to further strengthen security monitoring and controls,” the company added.

 

It said the compromised data includes names and other personal identifiers and revealed in its regulatory filing with the Maine state regulator that at least 65,669 individuals were impacted by the incident.

 

Varsity Brands has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

The company has also offered two years of complimentary identity protection and credit monitoring services through TransUnion to all the affected individuals.

 

As of now, no known ransomware group has claimed responsibility for the cyber attack on Varsity Brands. The company also did not disclose who is behind the cyber attack or whether it has paid a ransom to regain access to the compromised customer information.