Conti ransomware hackers threaten to leak data of super rich jewelry company. Data of clients like Oprah, David Beckham and Donald Trump at stake

A cybercriminal group managed to extract thousands of confidential records of athletes, politicians, artists, millionaires and other celebrities after compromising the systems of the prestigious Graff jewelry store. Nearly 70,000 confidential documents have so far been leaked on a dark web platform, including files belonging to personalities such as Oprah Winfrey, Donald Trump and David Beckham, among many others.

A subsequent report says threat actors are demanding a million-dollar ransom in exchange for stopping future leaks and deleting the records exposed so far. This attack has been attributed to the operators of the Conti ransomware, one of the most dangerous encryption malware variants today.

The leaked documents include confidential records such as customer lists, invoices, receipts, proof of payment and other details, with very specific information about purchases made in the prestigious store.

Cybersecurity specialists believe that cybercriminals are demanding a payment in cryptocurrency, as these kinds of transactions are almost impossible to trace through a blockchain network. The hackers even shared a photograph of former footballer Frank Lampard leaving the store along with his wife as proof of the compromise.

In addition to 600 renowned British personalities, the incident affected hundreds of international stars, including actors such as Tom Hanks, Samuel L. Jackson and Alec Baldwin, among many others.

About this hacking group, the investigators mention that Conti operates in Russian territory and could have begun to publish the information related to this attack in early October, offering for sale some of the records exposed for extortion purposes.

The Information Commissioner’s Office (ICO) is already investigating the incident and could impose a fine on the affected company should it conclude that its security measures were not sufficient to contain the attack. Based in London, Graff has already started notifying all users potentially affected by the data breach. It is not yet known whether the company will negotiate with threat actors or try to mitigate the consequences of this incident with its own resources.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.