An extensive cyberattack was carried out by the Russian criminal group, Conti, based in St Petersburg. According to reports, the cybercriminal gang hacked into the computer systems of exclusive UK jeweller Graff. Graff operates at the upper echelon of the jewellery market and has more than 60 retail stores positioned across the globe.
Conti has already leaked 69,000 confidential documents on the dark web. Documents include including invoices, client lists, credit notes, and receipts have been taken, according to the Mail on Sunday.
Some of the files reportedly related to former US President Donald Trump, TV host Oprah Winfrey, retail tycoon Sir Philip Green, Formula One heiress Tamara Ecclestone, football legend David Beckham, ex-England and Chelsea footballer Frank Lampard, Hollywood actors Tom Hanks, Samuel L. Jackson, and Alec Baldwin, Saudi Crown Prince Mohammed bin Salman, Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai. and the Prime Minister of Bahrain, Salman bin Hamad Al Khalifa, are also named.
According to the Daily Mail UK, Conti has claimed the information they have already published, which involved about 11,000 of Graff’s clients, represented only 1% of the files they have stolen.
The UK Information Commissioner’s Office (ICO), said it was investigating the breach. The ICO can impose multi-million-pound fines (up to 4% of turnover), on companies that fail to keep customers’ data secure.
A spokesman for the ICO, said in a statement to Sky News: “We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be contacting the organisation to make further enquiries in relation to the information that has been provided.”
A Graff spokesperson said: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber-attack by professional and determined criminals.
“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.
“We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.”
When making purchases in person, it is within your rights to ask how the data will be stored and what their policies are in the event data is leaked. Business owners must have a system to segregate personally identifiable information from sensitive financial information. Data that is required to be stored should be stored in an encrypted format.
When purchasing items online, it is best to make payment with a payment gateway such as PayPal, as this will prevent you from needing to enter your personal details into the website. It is also vital to check for the lock icon in the URL bar and click on it to obtain more information about the SSL security certificate.
Most websites have a standard SSL certificate, but this can be upgraded to a certificate that also contains an assurance warranty.
In order to avoid cyber breaches such as this, NSI Global can provide managed services to help you implement the following policies and procedures:
About NSI Global Counter Intelligence
NSI Global Counter Intelligence is an Australian owned Global Geopolitical Risk and Counter Intelligence Advisory Firm. NSI has an interdisciplinary team of employees and partners in strategic locations around the globe.
Our Best in Class Services include:
Our experts have provided consultation, and have been interviewed numerous times by major media outlets such as:
NSI is called upon for its expertise by corporations in the Mining, Oil and Gas industries, Financial Institutions, Insurance companies, Law and Accounting firms, Government agencies and High Net-Worth individuals. To book a confidential consultation, feel free to contact our team.