Fashion Giant Moncler Hit with Ransomware Attack, Data Breach
Fashion retailer Moncler has confirmed a data breach after a recent ransomware attack.
This week, Moncler confirmed to Bleeping Computer that some data related to its employees, former employees, suppliers, consultants, business partners and customers was leaked by the AlphaV (BlackCat) ransomware operation. The ransomware gang also demanded $3 million not to publish the data.
The company issued the following statement:
“Moncler recently detected an extremely sophisticated malware attack on its IT systems. The breach is not related to tools and payment methods, given that those are not stored in our systems. However some personal and business data might have been accessed. We are working closely with authorities and have taken further security measures to mitigate the impact.”
Trevor Morgan is product manager with data security provider comforte AG.
“The trend toward an increasing number of ransomware attacks against high-profile targets in 2022 seems to be moving in the direction that many of us suspected,” he said. “With news that the Italian luxury fashion giant Moncler sustained an attack late last year resulting in stolen files hitting the dark web this week, we can see the organizational characteristics which appeal to threat actors. If your business collects lots of sensitive data about employees, partners or customers, then you are sitting on a gold mine, or oil well, just choose your analogy, that they want to infiltrate. Sure, they want that sensitive information, with which they can do any number of things. But if they can also disrupt business operations with ransomware or other extortion tricks, they multiply their chances of a successful attack.”
If a business is data dependent, it needs to assume it, too, is a target and it’s just a matter of time before somebody internal or external gets their hands on it, Morgan said.
“Squirreling sensitive data away behind protected perimeters won’t cut it anymore as a defensive measure,” he said. “Only robust data-centric security, such as tokenization or format-preserving encryption applied directly to sensitive data elements, can help mitigate the situation if the wrong hands get ahold of your data. These methods obfuscate sensitive information while still preserving the original data format, which means business applications have a better chance of working with that data in a protected state.”
