Italian fashion giant Moncler confirmed that it fell victim to a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December. The files were published on Jan. 18 on the dark web.
The attack occurred during the final week of 2021, when the luxury fashion company announced an interruption in its IT services, but Moncler clarified that the rest of the attack would result in nothing more than a temporary outage.
Then, on Jan. 3, Moncler released an update on the situation, reactivated its logistics systems, and prioritized e-commerce shipments that got delayed in shipping.
In a Jan. 18 statement, the fashion brand confirmed that some data pertaining to its employees, former employees, suppliers, consultants, business partners, and customers was leaked by the AlphaV (Black Cat) ransomware operation.
Moncler stated that they rejected the idea of paying a ransom demand since it goes against its founding principles. This led to the company’s stolen data getting published by the hackers.
“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems,” Moncler said in the statement.
Additionally, Moncler warned that the further possession or distribution of the stolen data would be considered a criminal offense.
“Moncler reminds that all information in the possession of cybercriminals is the result of illegal activities and that consequently, the acquisition, use and dissemination of the same constitutes a criminal offense.”
Finally, the fashion brand added that they have informed company stakeholders and the Italian Data Protection Authority about the attack.
AlphV/Black Cat
Moncler Group has become one of the first AlphV/Black Cat ransomware victims since the new Ransomware-as-a-Service (RaaS) operation started at the beginning of December.
On Jan. 18, the AlphV ransomware gang published Moncler’s data on their data leak and indicated that they demanded $3 million from the company to not publish the data.
According to screenshots shared on the site, the stolen data includes earning statements, spreadsheets with customer information, invoices, and other documents.
Currently, the ransomware gang is attempting to sell the data of “rich customers” to other threat actors.