The North Face has announced a security incident that was noticed by their security team on August 11. The credential stuffing attack was carried out for nearly a month, from July 26 to August 19. Although it is common for attackers to target payment information when breaching online retail accounts, The North Face has assured that they do not store payment information on their site. The online store only captures a tokenized version of the payment information that cannot be accessed directly from the account. However, other information could have been accessed including purchase history, billing and shipping address, preferences, email address, first and last name, date of birth, telephone number, unique North Face ID number, gender, and XPLR Pass reward records. The North Face removed the payment tokens and forced password resets for account holders. This will cause customers to create a new password and re-enter their payment information upon login and making an online purchase.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in