Graff is a London-based company specializing in designing, manufacturing, and distributing watches and jewelry. It was founded in 1960 by Laurence Graff, whose son, Francois Graff, is the current CEO.
The breach was an attack on the clientele database of the company, resulting in the compromise of the credentials and personal information of the most popular and famous of Graff’s clients. Graff serves all manner of celebrities, from American actors and English football players, to Saudi royalty; there seems to be no limit to Graff’s clients.
This breach occurred via a ransomware attack. The information was encrypted and removed from the system. Luckily, Graff had all of its data in backup files and was able to restore the missing data. Still, the company paid a $7.5 million Bitcoin ransom to the hackers, who claim to be the Russian hacker group, Conti.
This breach occurred in September 2021.
The breach is impacting high-profile Graff Diamonds customers. Some of the biggest names include David Beckham, Samuel L. Jackson, Oprah Winfrey, and Saudi Crown Prince Mohammed bin Salman, among many others. The stolen data included the victim’s names, shipping addresses, items bought, and the cost of said items.
There hasn’t been a specific number of files released. However, we know that 69,000 documents are floating on the dark web, and that’s only supposed to be a tiny percentage of the affected customers.