The world-famous fashion brand Levi Strauss has reported supply chain challenges after a key customer suffered a "cybersecurity breach".
In an earnings call, Michelle Gass, CEO, innocuously discussed the brand's "unprecedented partnership with global icon, Beyoncé" and a current trend for "head-to-toe denim dressing".
But she also revealed that an important but unnamed partner suffered a breach that "impacted shipping", which the brand is now working to get "back to normal standards".
Gass also appears to suggest that incident contributed to "lower performance" in Mexico, where wholesale customers account for the majority of sales and it manufactures roughly two thirds of its total production.
The admission comes just months the fashion firm announced that the accounts of up to 72,000 people may have been compromised in a credential stuffing attack, which is not believed to be linked to the latest incident.
In the earnings call, Gass said: "Performance with our key customers has been mixed, some for reasons within our control, and others external, including a cybersecurity breach at one key customer that has impacted shipping," she said.
"We're working closely with our wholesale partners to stabilise this business and have recently made changes aimed at improving our performance in this channel."
Gass added: "I want to underscore that we have the expertise in place to address these issues and make swift progress."
READ MORE: GenAI malware has been discovered in the wild, researchers claim
During the last quarter, Q3 2024, Levi Strauss' net revenues were "flat" at $1.5 billion. In the Americas, net revenues decreased 1% .
On the call, an analyst asked about "the drivers of this quarter's revenue miss".
Harmit Singh, CFO, then replied: "One of the reasons was the cybersecurity and our constraints into ship [sic.]. The reason? I won't quantify it... because we're working through that with our largest customer.
"These things, because they have technology implications, take a little time where we're working through it. We feel good about the fact that the business, generally, the brand and the business is healthy and it's a matter of timing. So more to come. But the reason I'm not giving you a clear answer is because I just need – we need -another quarter for this to improve and the systems to start working on both sides."
READ MORE: CISA reveals tactics of Russian threat actors hitting global CNI targets
Earlier this year, Levi Strauss told customers it had "detected suspicious activity that may have impacted your account", which it blamed on "unknown parties" who "launched an automated cyberattack". It then carried out a forced password reset.
In a filing published on the State of California Department of Justice's website, it wrote: "On June 13th we identified an unusual spike in activity on our website. Our investigation showed characteristics associated with a 'credential stuffing' attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case www.levis.com."
It said that the threat actors may have been able to view information such as customers' order history, name, email, stored addresses, and, parts of their payment details such as the last 4 digits of a card number, the card type and expiration date.
"It does not appear that any fraudulent purchases were initiated using your information," it added. "Our systems do not allow saved payment methods to be used for purchases without a secondary means of authentication."
We have written to Levi Strauss for comment.
Do you know which Levi Strauss customer suffered a breach? Get in touch with jasper@thestack.technology to let us know in confidence.
