A cybercriminal group managed to extract thousands of confidential records of athletes, politicians, artists, millionaires and other celebrities after compromising the systems of the prestigious Graff jewelry store. Nearly 70,000 confidential documents have so far been leaked on a dark web platform, including files belonging to personalities such as Oprah Winfrey, Donald Trump and David Beckham, among many others.
A subsequent report says threat actors are demanding a million-dollar ransom in exchange for stopping future leaks and deleting the records exposed so far. This attack has been attributed to the operators of the Conti ransomware, one of the most dangerous encryption malware variants today.
The leaked documents include confidential records such as customer lists, invoices, receipts, proof of payment and other details, with very specific information about purchases made in the prestigious store.
Cybersecurity specialists believe that cybercriminals are demanding a payment in cryptocurrency, as these kinds of transactions are almost impossible to trace through a blockchain network. The hackers even shared a photograph of former footballer Frank Lampard leaving the store along with his wife as proof of the compromise.
In addition to 600 renowned British personalities, the incident affected hundreds of international stars, including actors such as Tom Hanks, Samuel L. Jackson and Alec Baldwin, among many others.
About this hacking group, the investigators mention that Conti operates in Russian territory and could have begun to publish the information related to this attack in early October, offering for sale some of the records exposed for extortion purposes.
The Information Commissioner’s Office (ICO) is already investigating the incident and could impose a fine on the affected company should it conclude that its security measures were not sufficient to contain the attack. Based in London, Graff has already started notifying all users potentially affected by the data breach. It is not yet known whether the company will negotiate with threat actors or try to mitigate the consequences of this incident with its own resources.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.