Graff Jewelers Paid Russian Hackers $7.5 Million to Stop a Leak of Private Client Info, Lawsuit Says
Luxury British jeweler Graff is reeling from a costly cyber-attack.
According to a lawsuit filed in London, the company paid $7.5 million in Bitcoin to the Russian ransomware group Conti to prevent it from leaking information about its high-profile clientele.
Now, the high-society jeweler is suing its insurer, Travelers Companies Inc., saying that the million-dollar loss should be covered under its policy. But Graff says that Travelers is refusing to pay. “We are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk,” a Graff spokesperson told Bloomberg. “They have left us with no option but to bring these recovery proceedings at the High Court.”
The drama began last September when Conti accessed and leaked a tranche of data that included purchase records from Oprah Winfrey and David Beckham, as well as Graff customers in Saudi Arabia, the United Arab Emirates and Qatar—all members of their respective nations’ royal families.
Conti made a formal apology to the royals but proceeded to threaten Graff with leaks of purchase data about other clients in the United States, United Kingdom and European Union.
“Our goal is to publish as much of Graff’s information as possible regarding the financial declarations made by the US-UK-EU neo-liberal plutocracy, which engages in obnoxiously expensive purchases when their nations are crumbling under economic duress,” the group said according to reports at the time.
The hackers demanded a $15 million payment to a Bitcoin wallet to stop the leaks, and by November 3 Conti had accepted the jeweler’s offer for half that amount.
It is not known when or whether Conti cashed the Bitcoin payment, but the global cryptocurrency market has plummeted in recent months. Graff’s $7.5 million payment would have been about BTC 118 last November. Now, however, BTC 118 is worth about $2.3 million.
Still, the payment demonstrates how seriously Graff takes data leaks. “The criminals threatened targeted publication of our customers’ private purchases,” the spokesperson said. “We were determined to take all possible steps to protect their interests and so negotiated a payment which successfully neutralized that threat.”
Whether Travelers will accept responsibility for the payment will be determined in court. Neither the insurance company’s representatives nor its lawyers have commented on the case.
Source: Robb Report