---
schema_version: "secwatch.filing_event.v1"
accession: "0001193125-24-010243"
form_type: "8-K/A"
ticker: "VFC"
cik: "0000103379"
company_name: "V F CORP"
filed_at: "2024-01-18T23:59:59+00:00"
generated_at: "2026-06-06T21:40:42.235952+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.7
calibrated_materiality_score: 0.7
confidence: "high"
source: SEC EDGAR
---

# VF Corp reports 35.5M consumer personal data stolen in Dec 2023 cyber incident

## Summary
- Threat actor ejected Dec 15, 2023; retail stores, e-commerce, distribution centers operating with minimal issues.
- Personal data of approx 35.5M individual consumers stolen; no SSNs, bank account, or payment card info.
- No evidence that consumer passwords were acquired by the threat actor.
- Business disruptions (retail replenishment, order fulfillment) resolved; minor residual impacts remain.
- VF believes breach not material to financial condition; seeking insurance reimbursement.

## SEC filing metadata
- accession: 0001193125-24-010243
- form_type: 8-K/A
- ticker: VFC
- cik: 0000103379
- company_name: V F CORP
- filed_at: 2024-01-18T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.7
- calibrated_materiality_score: 0.7
- confidence: high
- sec_items: 1.05
- EDGAR index: https://www.sec.gov/Archives/edgar/data/103379/000119312524010243/0001193125-24-010243-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/103379/000119312524010243/d641969d8ka.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001193125-24-010243
- JSON: https://secwatch.observer/filing/0001193125-24-010243.json
- Plain text: https://secwatch.observer/filing/0001193125-24-010243.txt

## Key facts
- Cybersecurity Incidents
  V F CORP disclosed a cybersecurity incident: Unauthorized occurrences on a portion of its IT systems, theft of personal data of approximately 35.5 million individual consumers. Impact: Disruption to operations including interrupted replenishment of retail store inventory and delayed order fulfillment; impacts are no longer ongoing and are not material to financial condition and results of operations. Company determined it not material. Discovered 2023-12-13.
  - Nature: Unauthorized occurrences on a portion of its IT systems, theft of personal data of approximately 35.5 million individual consumers
  - Impact: Disruption to operations including interrupted replenishment of retail store inventory and delayed order fulfillment; impacts are no longer ongoing and are not material to financial condition and results of operations
  - Materiality: not material
  - Discovery: 2023-12-13
  source text: As of the date of this Amendment, VF also believes the impacts of the cyber incident are not material and are not reasonably likely to be material to its financial condition and results of operations.
  evidence_url: https://www.sec.gov/Archives/edgar/data/103379/000119312524010243/0001193125-24-010243-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.