Moncler Confirms Data Breach After Ransomware Gang Advertises ‘Rich Customer’ Data on Leak Website
Milano-based luxury fashion brand Moncler has confirmed a data breach after a ransomware attack that disrupted its IT service during Christmas.
In a short update Jan. 3, the fashion house said it had detected unauthorized access to personal data on its systems and that it had contacted the local data protection agency and police.
However, in a press release from Jan 18, Moncler provided additional details of the cyberattack that delayed many order shipments during the holidays. According to the company, the attackers managed to steal information of employees and customers - data that has now been put up for sale on the dark web.
“Concerning the cyberattack reported in the press releases date 23 and 30 December 2021, Moncler informs that the Company has received a ransom demand which has been rejected, firmly believing the request to be against its founding principles,” reads the data breach notification, shared with Bleeping Computer. “As a result of this decision some data, that was exfiltrated by cybercriminals, have been published on the dark web today. While the investigation related to the attack is still ongoing, Moncler confirms that the stolen information refers to its employees and former employees, some suppliers, consultants and business partners as well as customers registered in its database.”
The attack was orchestrated by the AlphV/BlackCat ransomware gang, which is now trying to sell information belonging to “rich customers” via their data leak website.
Although the luxury fashion house provided no comprehensive list of the data sets stolen during the attack or number of affected customers, it has assured that “no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems.”
According to Bleeping Computer’s analysis of the ransomware gang’s leak website, the threat actors are now attempting to cash in.
“The brand sold all of you for $3m,” the post reads. “If you’re interested in buying the information about rich customers feel free to reach us.”
Moncler has also advised customers to be wary of fake messages impersonating official communications from the company, and to avoid using the same ID and password provided during registration on other websites.
Are you a data breach victim? Time to find out with Bitdefender Digital Identity Protection service. Once subscribed you get real-time data breach notifications, as well as a mapping of your digital footprint to help you keep tabs on your digital exposure and manage your privacy.
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022
Why and how to hide your IP address while traveling
April 13, 2022
How Bitdefender Can Help Restore Your Privacy in the Digital Age
April 04, 2022
How Strong is VPN Encryption?
February 28, 2022
Top Three Ways Internet Users Unknowingly Help Cybercriminals
February 25, 2022