Italian fashion designer Moncler have confirmed that they suffered a security incident at the hands of the ALPHV/BlackCat ransomware group in December. Initial discoveries by the company’s security team led them to believe it was nothing more than a service outage. After further analysis was carried out, the company released an additional statement that revealed that they had suffered a ransomware attack that affected data belonging to employees, former employees, suppliers, consultants, business partners, and customers. Some of that information included earning statements, spreadsheets with what appears to be customer information, invoices, and other documents. Moncler did not pay the ransom that had been demanded by the group, so their data was subsequently leaked. They assured that no payment information was accessed simply because they do not store that type of information on their systems. Company shareholders, as well as the Italian Data Authority, have been notified of the incident.
Analyst Notes
The ALPHV group is one of the newer cybercrime conglomerates to date. Moncler is likely their first victim, but analysis of the group has revealed that they take a “thought-out approach to all stages of the ransomware attack.” Their data leak site features Moncler’s information and states that they requested $3 million dollars from the company, but Moncler refused to pay. They also stated they are willing to sell the information of “rich customers”. It will be interesting to see what else ALPHV has up their sleeve as 2022 moves along.
https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/?&web_view=true
