
The North Face confirms customer data exposure in April credential stuffing attack

The North Face, one of the world’s leading outdoor apparel brands, has disclosed that a credential stuffing attack on its website in April 2025 led to the unauthorized access of customer account information. The company, a subsidiary of VF Corporation, confirmed the breach in data breach notifications recently filed with regulators and affected customers.


According to the statement issued by The North Face, the cyberattack occurred on April 23, 2025, when the company detected unusual activity on its website, thenorthface.com. A prompt internal investigation identified the incident as a credential stuffing attack, in which hackers used login credentials previously exposed in unrelated data breaches to gain access to user accounts.


The exposed data includes full names, shipping addresses, email addresses, telephone numbers, purchase history, dates of birth, and account preferences, depending on what users had provided in their profiles. Crucially, no payment information was compromised in the incident. The North Face emphasized that it does not store payment card details directly; instead, transactions are processed through a secure third-party provider using encrypted tokens.


Credential stuffing attacks rely on the widespread user practice of reusing passwords across multiple online platforms. This incident highlights the persistent risks associated with password recycling and the absence of mandatory multi-factor authentication (MFA). Although MFA can significantly mitigate the impact of such attacks, it is not currently enforced across all user accounts on The North Face’s platform.
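To show how the "unusual activity" of a credential stuffing run differs from ordinary login noise, here is an added detection sketch; it is not code from The North Face or from any vendor named in this article. The event format (source address, username, success flag), the thresholds and all sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = (
    # One source trying 8 different accounts once each, 1 reused password works
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # Brute force: one source hammering a single account
    + [("192.0.2.50", "admin@example.com", False)] * 10
    # Shared office NAT: many accounts, but they all log in successfully
    + [("198.51.100.99", f"staff{i}@example.com", True) for i in range(6)]
    # Ordinary user who mistypes a password once
    + [("198.51.100.20", "alice@example.com", False),
       ("198.51.100.20", "alice@example.com", True)]
)

def detect_credential_stuffing(events, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that touch many distinct accounts with a low success rate.

    Credential stuffing replays leaked username/password pairs, so a source
    shows many accounts, few attempts per account and only occasional hits.
    """
    per_source = defaultdict(lambda: {"accounts": set(), "hits": set(), "attempts": 0})
    for ip, user, ok in events:
        stats = per_source[ip]
        stats["accounts"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["hits"].add(user)

    findings = {}
    for ip, stats in per_source.items():
        tried = len(stats["accounts"])
        success_ratio = len(stats["hits"]) / tried
        if tried >= min_accounts and success_ratio <= max_success_ratio:
            findings[ip] = {
                "accounts_tried": tried,
                "attempts_per_account": stats["attempts"] / tried,
                # Accounts that were actually logged into: disable the
                # password and force a reset for these.
                "reset_required": sorted(stats["hits"]),
            }
    return findings

if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, info)
```

Per-source counting misses runs spread across many addresses, so the site-wide failed-login rate is worth tracking alongside it.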


This latest breach marks the fourth known credential stuffing incident targeting The North Face since 2020. Earlier in March 2025, its parent company, VF Outdoor, disclosed a similar attack affecting both thenorthface.com and timberland.com, which resulted in the exposure of 15,700 user accounts. Two prior attacks occurred in November 2020 and September 2022, compromising data from over 200,000 customers combined.


The most significant cybersecurity incident involving The North Face to date occurred in December 2023, when a ransomware attack exposed the data of approximately 35 million customers.


In response to the April attack, The North Face has taken immediate remedial action, including disabling affected passwords and prompting users to reset them. The company is urging all customers to use strong, unique passwords and to remain vigilant against phishing attempts, which often follow in the wake of such data breaches.


As a precaution, The North Face is also encouraging customers to monitor their financial accounts for suspicious activity and to take advantage of free credit reports. The company provided guidance on placing fraud alerts or credit freezes through major credit bureaus including Experian, Equifax, and TransUnion.


The number of accounts affected in the April incident has not yet been disclosed. BleepingComputer has reached out to The North Face for further details, but no additional information has been provided so far.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543