Jewellery firm Graff suffers ransomware attack, hackers begin leaking client details

Jewellery firm Graff suffers ransomware attack, hackers begin leaking client details

Image:
Jewellery firm Graff suffers ransomware attack, hackers begin leaking client details

Donald Trump, Oprah Winfrey, and Saudi Crown Prince Mohammed bin Salman are among the celebrities whose personal details have been leaked on the dark web

London-based luxury jewellery firm Graff has fallen victim to a ransomware attack carried out by notorious Conti gang said to be based in Russia.

The attack was first reported by Mail on Sunday, which said that the Conti operatives accessed client information from Graff computer systems and published some 69,000 files with information on some 11,000 customers, over the last week on the dark web.

According to reports, hackers have demanded tens of millions of pounds from the firm to stop further leaks.

Donald Trump, David Beckham, Oprah Winfrey, Sir Philip Green, former footballer Frank Lampard, Formula One heiress Tamara Ecclestone, Hollywood actors Samuel L Jackson, Tom Hanks and Alec Baldwin, and singer Tony Bennett are reportedly among the celebrities whose personal details have been leaked by Conti.

Details were also posted about Bahraini Prime Minister Salman bin Hamad Al Khalifa, UAE Prime Minister Sheikh Mohammed bin Rashid Al Maktoum and Saudi Crown Prince Mohammed bin Salman.

The report said the leaked files include client lists, credit details, invoices, and receipts, noting that they could prove to be embarrassing for some individuals "who may, for example, have bought gifts for secret lovers or taken jewelry as bribes".

In a statement to Sky News, Graff acknowledged the attack, saying the firm became target of a "sophisticated - though limited - cyber attack" conducted by "professional criminals".

It said the firm's computers and the network were shut down immediately after an intrusive activity was detected by the IT security system.

Graff said it has informed all individuals whose personal data was affected in the breach.

The jewellery firm has notified The Information Commissioner's Office (ICO) and other relevant law enforcement agencies, which are now investigating the breach.

"We have received a report from Graff Diamonds Ltd regarding a ransomware attack," a spokesperson for the ICO said.

"We will be contacting the organisation to make further enquiries in relation to the information that has been provided."

Recent months have seen a huge spike in ransomware attacks, with Russia often blamed.

Japanese tech firm Olympus reportedly suffered a ransomware attack in September, which impacted its business units in Europe, the Middle East and Africa (EMEA).

Earlier in July, at least 200 businesses were affected by a ransomware attack, after cyber criminals hijacked widely used software from Florida-based IT firm Kaseya.

In May, US fuel distributor Colonial Pipeline suffered a massive ransomware attack that crippled fuel delivery in southeastern US states.

Oz Alashe, CEO and founder at behavioural security platform CybSafe, commented: "This latest attack starkly shows how the smallest actions can have the largest consequences. It's believed the attack suffered by Graff originated from a malicious link in an email, with one errant click leading to the leaking of hundreds of individuals' personal information and a steep cost for the luxury brand, both financially and in terms of reputation."

"It's easy to play the blame game when such breaches occur, but more often than not this is counter-intuitive and doesn't result in any genuine behavioural change."

"No-one is completely infallible when it comes to cyber security, but by avoiding a one-size-fits-all approach and appreciating the different approaches of each individual, businesses can greatly shift the odds in their favour."