According to a Bloomberg report on Wednesday, Graff’s security systems were exploited by the notorious Russian hacking gang Conti in September 2021. The breach allowed the group to access data belonging to “high-end” customers, including U.S. former President Donald Trump and the royal families in Saudi Arabia, UAE, and Qatar.
After the attack, Conti published 69,000 documents containing the private information of Graff’s clients while threatening to release more if the billion-dollar jewelry brand did not pay $15 million in Bitcoin.
In November 2021, Graff paid the gang 118 BTC (worth $7.5 million at the time), half of the amount initially requested. The company said it had to pay the ransom to protect its customers.
“The criminals threatened targeted publication of our customers’ private purchases. We were determined to take all possible steps to protect their interests and so negotiated a payment which successfully neutralized that threat,” a Graff spokesperson said.
After the incident, the company expected its insurer to cover the losses it incurred from the attack because it was an “insured risk.” However, Graff is yet to receive indemnity from Travelers.
“We are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk. They have left us with no option but to bring these recovery proceedings at the High Court,” the jeweler said.
Meanwhile, Bitcoin ransomware attacks have become common over the past few years.
In May 2021, Elliptic, a blockchain security and analytics company, revealed that the infamous cybercriminal group DarkSide received $90 million in ransomware payments.