Ransomware Attack on Moncler
Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web.
The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December.
Attackers hit Moncler in the final week of 2021, causing a temporary outage of its IT services which delayed shipments of goods ordered online.
Some data stolen in the incident was published online on Tuesday after Moncler refused to pay a ransom to its attackers.
Data compromised in the security incident relates to Moncler employees, former employees, suppliers, consultants, business partners and some customers registered on the company’s website.
Moncler said in a statement: “While the investigation related to the attack is still ongoing, Moncler confirms that the stolen information refers to its employees and former employees, some suppliers, consultants and business partners, as well as customers registered in its database.
“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems.”
The fashion brand said that the brief interruption to the logistical side of its operation had not put a major dent in its profits.
“Data breaches are part of the web attack lifecycle and continue to fuel Account Takeover (ATO) and credential stuffing attacks. Therefore, we need to protect the apps that power our daily lives by disrupting the web attack lifecycle,” commented Kim DeCarlis, CMO at cybersecurity company PerimeterX.
They added: “This includes stopping the theft, validation and fraudulent use of account and identity information everywhere along the digital journey.”
Trevor Morgan, product manager with data security specialists comforte AG, said that data-dependent businesses need to assume that they are a target for cyber-criminals.
“Squirreling sensitive data away behind protected perimeters won’t cut it anymore as a defensive measure,” said Morgan.
He added: “Only robust data-centric security, such as tokenization or format-preserving encryption applied directly to sensitive data elements, can help mitigate the situation if the wrong hands get ahold of your data.”
More Stories
Apple Patches Three Actively Exploited Zero-Days
Bugs were found by Citizen Lab and Google Read More
How To Talk To Your Kids About Identity Theft
Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list...
Snatch ransomware – what you need to know
The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service...
UK-US Confirm Agreement for Personal Data Transfers
The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data...
Donald Trump Jr’s hacked Twitter account announces his father has died
Donald Trump Jr may not have just inherited his famous father's name. He may also have inherited his bad password...
Smashing Security podcast #340: Heated seats, car privacy, and Graham’s porn video
Do you know what data your car is collecting about you? Do you think it’s right for a car manufacturer...