Ransomware Attack on Moncler
Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web.
The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December.
Attackers hit Moncler in the final week of 2021, causing a temporary outage of its IT services which delayed shipments of goods ordered online.
Some data stolen in the incident was published online on Tuesday after Moncler refused to pay a ransom to its attackers.
Data compromised in the security incident relates to Moncler employees, former employees, suppliers, consultants, business partners and some customers registered on the company’s website.
Moncler said in a statement: “While the investigation related to the attack is still ongoing, Moncler confirms that the stolen information refers to its employees and former employees, some suppliers, consultants and business partners, as well as customers registered in its database.
“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems.”
The fashion brand said that the brief interruption to the logistical side of its operation had not put a major dent in its profits.
“Data breaches are part of the web attack lifecycle and continue to fuel Account Takeover (ATO) and credential stuffing attacks. Therefore, we need to protect the apps that power our daily lives by disrupting the web attack lifecycle,” commented Kim DeCarlis, CMO at cybersecurity company PerimeterX.
They added: “This includes stopping the theft, validation and fraudulent use of account and identity information everywhere along the digital journey.”
Trevor Morgan, product manager with data security specialists comforte AG, said that data-dependent businesses need to assume that they are a target for cyber-criminals.
“Squirreling sensitive data away behind protected perimeters won’t cut it anymore as a defensive measure,” said Morgan.
He added: “Only robust data-centric security, such as tokenization or format-preserving encryption applied directly to sensitive data elements, can help mitigate the situation if the wrong hands get ahold of your data.”
UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website...
Microsoft Fixes Security Flaw in Windows Screenshot Tools
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots Read More
Three Variants of IcedID Malware Discovered
The new variants hint that considerable effort is going into the future of IcedID and its codebase Read More
New MacStealer Targets Catalina, Newer MacOS Versions
The malware can extract information from documents, browser cookies and login information Read More
Can zero trust be saved?
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for...
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the...