A massive “virtual heist” has been carried out on exclusive London-based jewellery firm Graff, with the criminals now demanding a multi-million ransom, reported The Daily Mail.
It was not diamonds the infamous Conti gang of hackers, which purportedly claimed responsibility for the audacious attack, was after, but personal details of world leaders, Hollywood A-listers and billionaire tycoons. The cyber criminal outfit is suggested as operating from Russia by some media outlets.
The plundered documents reportedly include client lists, shipping and billing addresses, invoices, receipts and credit notes, offering a treasure-trove of potentially sensitive information about the customers.
The online ransomware raid reportedly targeted a client database containing such internationally-known high-profilers as ex-US President Donald Trump and his wife, former First Lady Melania Trump, Hungarian-born American billionaire investor George Soros, Saudi Crown Prince Mohammed bin Salman, and Sheikh Mohammed bin Rashid Al Maktoum, ruler of Dubai.
The prime minister of Bahrain, Salman bin Hamad Al Khalifa, and former prime minister of Qatar, Sheikh Bin Jabr Al Thani Hamad Bin Jassim, were also believed to have been listed as Graff clients.
Also claimed to feature in the leak are television chat show host Oprah Winfrey, Hollywood stars Tom Hanks, Samuel L Jackson, Alec Baldwin, singer Tony Bennett.
Some 600 British customers are said to be among the victims of the attack, including American-British businessman, investor, and philanthropist Sir Len Blavatnik, the wealthiest man in the UK as of May 2021, football celebrities David Beckham and Frank Lampard, Formula One heiress Tamara Ecclestone, former Topshop boss British businessman Sir Philip Green.
David and Victoria Beckham take their seats in St George's Chapel before the wedding ceremony of Britain's Prince Harry, Duke of Sussex and US actress Meghan Markle in St George's Chapel, Windsor Castle, in Windsor, on May 19, 2018.
© AP Photo / Danny Lawson
British socialite Ghisaline Maxwell, currently behind bars and awaiting trial on charges of recruiting underage girls for the late pedophile Jeffrey Epstein, is also listed as one of the clients of the hacked firm, according to the report.
The criminals, said to have leaked around 69,000 confidential documents onto the “dark web” already, are reported as claiming the released data is but a mere one per cent of the files it stole linked to about 11,000 of Graff's clients.
The cyber group is believed to be demanding millions in ransom money to stop any further release of data and could demand payment either in cyber currency such as Bitcoin or, possibly, in jewels.
“Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals. We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO. We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take,” a spokesperson for Graff, was cited as saying.
The hackers are believed to have gained access to Graff's files by sending an email, with a staff member subsequently opening a file containing a sophisticated ransomware computer virus allowing to bypass any anti-virus software or firewall. Once this was done, claim cited cyber experts, the hackers would have been able to use the so-called “back door” to steal the company's data.
“Given the profile of the customer database, this is absolutely massive. This is going to bring the highest levels of international law enforcement down on the gang, and that's going to give them a whole lot of headaches in trying to get the ransom paid and then get away with it,” Philip Ingram, a former British military intelligence officer was cited by the outlet as saying.
The British multinational jeweler, was founded by Laurence Graff in 1960, according to its latest accounts posted a revenue of an estimated £450 million ($615 million) in 2019, stated that it had been able to “rebuild and restart our systems within days – crucially with no irretrievable loss of data.”
The Information Commissioner's Office (ICO), said it was investigating the breach of customer data.