Moncler confirms ransomware attack and data breach

News
By Sead Fadilpašić
published

Luxury company paid no ransom, and now the data has leaked online

Ransomware
(Image credit: Shutterstock)

Italian luxury fashion brand Moncler has confirmed it suffered a major ransomware attack that led to a data breach.

In a press release, the company said that after the incident occurred in late December last year, it had received a ransomware demand, which it rejected, as it goes “against its founding principles”.

As a result, the data stolen in the breach was published on the dark web.

Moncler data breach

The published batch includes data on employees and former employees, “some suppliers, consultants and business partners,” as well as some customers registered in its database. No payment data was taken, Moncler confirms, as the company does not store such data on its premises. The company did not provide further details on the data stolen, or whether it could be used in identity theft.

Reports claim the group behind the ransomware attack is called AlphV/BlackCat - a relatively new entrant to the cybercrime scene, whose Ransomware-as-a-Service (RaaS) operation launched in early December 2021 - with Moncler one of AlphV’s first victims.

The publication described it as “the most sophisticated RaaS of last year”, mostly due to its “robust operational structure, features, and thought-out approach” to all stages of the ransomware attack.

Warning against the distribution of stolen data

The data leak site, established by the attackers, shows that the ransom demand was $3 million. The stolen data seems to include earning statements, spreadsheets with customer information, and invoices. The group is now allegedly looking for a buyer interested in data on Moncler’s “rich customers”.

In its press release, Moncler also apologized for the disruption and said that it notified both law enforcement agencies, and affected stakeholders, as soon as it discovered the attack. It did not describe how the attack took place, and if any endpoints were compromised with malware.

It also warned potential buyers that they, too, would be committing a criminal offense:

"Moncler reminds that all information in the possession of cybercriminals is the result of illegal activities and that consequently, the acquisition, use and dissemination of the same constitutes a criminal offense,” the announcement reads.

  • You might also want to check out our list of the best firewalls right now

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.