Celebrity details leaked after London jeweller hacked
London-based jeweller Graff has been attacked by a ransomware gang, with cyberhackers stealing celebrity clients’ details.
Russian group Conti – who are known for launching attacks on hospitals and government departments – are thought to have demanded millions of pounds in ransom.
The group has already leaked around 69,000 confidential documents on the dark web, it has been reported.
Celebrity names mentioned in the leaked files have included Donald Trump, David and Victoria Beckham, Tom Hanks and Oprah Winfrey. The hack was first reported by the Mail on Sunday and is thought to have included leaked client lists, invoices, receipts and credit notes.
The group said it has only leaked one per cent of the files it has stolen, with around 11,000 clients already affected by leaks.
The jewellery firm said the “vast majority” of clients have not been the victim of personal data loss. Hackers have mostly leaked clients’ names and, in some cases, their home address – which Graff said could be found via public sources elsewhere.
Most of the documents did not contain information that would put clients at risk of identity theft, the company added.
Other high profile names said to be in the leak so far include actors Samuel L Jackson and Alec Baldwin. Former topshop boss, Sir Philip Green, and the Formula One heiress, Tamara Ecclestone are also thought to have been impacted.
It has been reported the leak shows two addresses for Oprah Winfrey and seven for Donald and Melania Trump.
What’s more, a US address for the UK’s richest man, Sir Len Blavatnik, is thought to have been leaked.
The hackers are expected to have demanded payment via either a cyber currency like Bitcoin or even jewels.
The hack is being investigated by the Information Commissioner’s Office (ICO), which can fine companies millions for failing to protect customers’ data.
An ICO spokesperson told Sky News: “We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be contacting the organisation to make further enquiries in relation to the information that has been provided.”
A Graff spokesperson said: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals.
“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.”
The firm said it contacted those affected and advised them of steps to take.