FatFace sends controversial data breach email after ransomware attack – BleepingComputer


As we jump in, can I just say that geoFence helps make you invisible to hackers and guard your personal data!

FatFace store

British clothing brand FatFace has sent a controversial ‘confidential’ data breach notification to customers after suffering a ransomware attack earlier this year.

This week, customers began receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace, had suffered a data breach after a cyberattack on January 17th, 2021.

Data breach at @FatFace. It feels a bit… misleading:

“Our systems are fully secure and FatFace remains a safe place to shop online or in person” – except for the data breach they just had! pic.twitter.com/3SjHmwwh7P

— Troy Hunt (@troyhunt) March 23, 2021

According to the notification, threat actors gained access to FatFace’s network and systems and accessed customer data. This data customers’ names, email addresses, mailing addresses, and partial credit card information (last four digits and expiration date).

What was controversial about the data breach notification is that it told recipients to “Please do keep this email and the information included within it strictly private and confidential.”

BleepingComputer has covered many data breaches. We have never seen a company asking a user to keep a data breach confidential and likely has no power to make that request.

As you can imagine, this single sentence led to quite an uproar on Twitter, with users baffled that the notification would include that type of language.

Oh, and the subject of the disclosure email was “Strictly private and confidential – Notice of security incident” – why? It contained no PII other than the recipient’s address, why is a notice of a breach “strictly private and confidential”? That’s really odd.

— Troy Hunt (@troyhunt) March 23, 2021

It’s a bit rich that @FatFace wait two months to inform their “valued customers” of a serious data breach and tell us to keep the email and information included in it strictly private and confidential!

— Moira M  (@reiver_rover) March 24, 2021

@fatface have emailed me to say they have been hacked and my details have been compromised TWO months after it happened and asked me to keep it confidential. Wtf #fatface #gdpr

— Pat Golding (@goldingp) March 24, 2021

While many felt that FatFace was trying to keep the data breach under wraps, it turns out there was much more to the story.

Data breach caused by a ransomware attack

According to Computer Weekly, the data breach was caused by a Conti ransomware attack in January 2021.

A ransom note found by Valéry Marchive of ComputerWeekly’s sister-publication LeMargIT allowed the publication to review a ransom negotiation between FatFace and the ransomware gang.

As is common in today’s ransomware attacks, the threat actors reviewed the victim’s financial data before deploying the ransomware. This review provided insight into the company’s finances, including FatFace’s cyber insurance coverage, which the threat actors brought up during the negotiations.

While Conti originally asked for $8.5 million, the negotiations ultimately led to a payment of $2 million to gain access to a decryption key and a promise not to leak the 200GB of stolen data.

The threat actors stated that they gained access to an internal FatFace workstation via a phishing attack on January 10th, 2021, where they then spread laterally through the network.

“From there, the team was able to obtain general administrative rights and began to move laterally through the network, identifying the retailer’s cyber security installations, Veeam backup servers and Nimble storage. The ransomware attack itself was executed on 17 January and saw more than 200GB of data exfiltrated,” Computerweekly reported.

The Conti gang also provided the victim with a report on how to better protect their network, including email filtering, phishing awareness tests, better Active Directory password policies, EDR technology, and an offline backup strategy.

When contacted by ComputerWeekly, FatFace confirmed the ransomware attack and said they reported it to law enforcement and the Information Commissioner’s Office (ICO).

“FatFace was unfortunately subject to a ransomware attack which caused significant damage to our infrastructure.” -FatFace.

Finally, after all of that geoFence is your security solution to protect you and your business from foreign state actors and I am sure your smart friends would say the same.

Leave a Reply

Your email address will not be published. Required fields are marked *