High-end London jeweller Graff has been the target of a sophisticated hacking attack which has seen the details of the world’s rich and famous stolen.

Sky News has reported that Russian cybercriminal gang Conti was behind the attack and is now allegedly selling around 69,000 documents on the dark web.

Data pertaining to celebrities like David Beckham, Oprah Winfrey, Tom Hanks and Donald Trump was reportedly stolen as part of the hack, but it is claimed that most people involved have nothing to worry about as only their names and addresses have been stolen – details already in the public domain.


The Mail on Sunday, however, reported that client lists, invoices, receipts and credit notes have been taken, which could potentially prove damaging to those involved.

Sky News quoted a Graff spokesperson who said: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals.

“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network.

“We notified, and have been working with, the relevant law enforcement agencies and the ICO.

“We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.”

Meanwhile, discussing what companies can do to avoid such attacks, cyber security expert and CEO of cloud solutions specialist Atech Cloud, Ryan Langley, told Professional Jeweller: “The attack on Graff has highlighted that data is as valuable as diamonds.

“We have seen many companies thinking ‘I’m not a target so I don’t need the solution’. That means you are a target because you weren’t willing to implement the suitable protection.

“Do you know how much your data is worth? That is in the event of an attack. The fines relating to GDPR breaches are not published as often as high-profile attacks such as Graff on celebrity and high net-worth customers, but they are equally crippling.

“Trying to convince people that they need to invest in cybersecurity solutions should be compelling – NHS, Yahoo, Canva and now the latest attack on Graff Diamonds show that there are huge companies, with budget, who have not been willing to invest.

“It’s about trying to convince organisations that they need security that meets the baseline level.”

How to protect your company’s data

“How can you put the right controls in place to ensure that data doesn’t transfer? Isolate the data on the application,” Langley continued. “Control access levels, control identities.

“The key objective is Zero Trust and meeting the right controls to achieve Zero Trust. For me, Zero Trust means always assuming a breach, and that’s the mindset to work with.

“Assume you have weak passwords; that there are malicious actors; that there is shadow IT and tenants you don’t have control over.

“By adopting Least Privilege Access – implementing PIM (Privileged Identity Management) – you have full visibility of what users are doing.

“It means that in my environment, I must see everything and I must prove that it doesn’t cause harm in the organisation.

“Hackers will always find a way. Cyber security keeps evolving, it’s a constantly changing area which evolves with times and new technologies.

“New exploits like print spooler are examples of this, and other new exploits emerge every day.

“All you can do is make sure you are up to date and apply updates and patches.

“This means that there is no best way of doing it and no smooth route to a secure destination.

“Cybersecurity isn’t a destination. It’s an approach that we want to make a standard where we are working, and a new way of work which we want to make a standard.

“Zero Trust is an example of a different approach and a different way of being, which allows organisations to be both proactive and effective without losing agility in the face of change.”

Graff is a high-end multinational jeweller based in London. It was founded in 1960 by Laurence Graff and is known for its high-profile clientele.