Outdoor clothing company The North Face is warning customers that their personal information was stolen during a cyberattack on its website in April.

The attack was what’s known as a credential stuffing attack. In this type of cyberattack, hackers take usernames and passwords stolen in past data breaches and try to log in with them on other websites. These attacks work when people reuse the same login details across different sites. However, they usually fail if users have multi-factor authentication (MFA) turned on.

The North Face began notifying affected customers after discovering the issue on April 23, 2025. In a notice filed with the Vermont Attorney General, the company said it found unusual activity on its website and quickly began an investigation.

“Following a careful and prompt investigation, we concluded that an attacker had launched a small-scale credential stuffing attack against our website on April 23, 2025,” the notice said.

The personal information that may have been exposed includes:

  • Full name
  • Purchase history
  • Shipping address
  • Email address
  • Date of birth
  • Phone number

The company confirmed that payment details were not affected. Payments are processed by a third-party service, and The North Face does not store any payment data itself, only a token that helps complete the payment.
