Luxury jewelmaker hit by cyberattack, celebrity personal details breached

Graff jewellry shop window
(Image credit: Shutterstock.com / Leonard Zhukovsky)

Some of the world's most famous figures may be sitting slightly uncomfortably today following a ransomware attack on luxury jeweler Graff.

UK-based Graff is notable for its collection of some of the most rare and expensive diamonds, which has helped make it one of the preferred jewelers of the rich and famous, with the likes of former President Donald Trump and soccer star David Beckham possibly affected.

According to the Daily Mail, Graff was attacked by the Conti ransomware group, in a classic double-extortion attack where the attackers exfiltrated information before encrypting the jewelers' computers.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

While Graff has acknowledged the cybersecurity incident, it hasn’t commented on the nature of the attack, nor revealed the identity of the perpetrators. 

Back up from backup

The Daily Mail reports that Conti has already shared 69,000 confidential documents, including client lists, invoices, receipts and credit notes, on the dark web, as per the common tactic attackers employ as a means to back their claims about the attack. 

Furthermore, Conti adds that the shared details concern about 11,000 of Graff’s customers, representing a mere 1% of their client base whose information it now claims to possess.

While there’s no information regarding Conti’s demand, the threat actor has supposedly asked for a ransom amounting to tens of millions of pounds.

Graff operates over 60 retail stores around the world, and counts some of the wealthiest people in the world as its clients.

The Information Commissioner's Office (ICO) said it was investigating the breach.

"We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be contacting the organisation to make further enquiries in relation to the information that has been provided," an ICO representative told the Daily Mail.

A Graff spokesperson has however downplayed the incident, adding that  it had been able to 'rebuild and restart our systems within days – crucially with no irretrievable loss of data'.

Businesses can minimize cyberthreats by using one of these best endpoint security tools.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.