Hacker steals luxury retailer Cortina Watch’s data, including customer details
Hackers have struck another company in Singapore just one week after the data of more than 40,000 Goldheart customers was leaked online.
The latest incident involves a hacker, who goes by the username Bassterlord, who claimed in a tweet that he had managed to steal 2GB worth of data from luxury retailer Cortina Watch.
He appears to be holding the company to ransom, and in the tweet said: “I don’t think very rich clients will want their addresses to be public.”
The hacker also shared on Twitter a sample of the data, which contains contact details of customers, including their names and e-mail addresses.
The stolen data appears to have been gleaned from the contact form the company uses on its website. The data was stored on Cortina Watch’s servers, which have been compromised.
Bassterlord is reportedly a man in his 20s from Ukraine, and is the head of the hacker group called the National Hazard Agency.
According to cyber-security firm Analyst1, Bassterlord deals mainly in ransomware, and is linked to at least four major ransomware gangs.
Cortina Watch was founded in 1972 as a small shop in Colombo Court, in North Bridge Road, by group executive chairman Anthony Lim.
Since then, the company has expanded to more than 40 stores across Asia.
According to its annual report, the group’s total revenue shot up 64.1 per cent to $716.9 million in 2022, with a net profit of $73.8 million.
The retailer carries more than 50 luxury brands, including Rolex and Patek Philippe.
The company’s website was down as at 5pm on Monday. When contacted by The Straits Times, a representative of the company’s head office said its IT team has been working on a solution.
She added that the e-mail servers were down.
ST has contacted the Cyber Security Agency and Personal Data Protection Commission (PDPC) Singapore, which is investigating the Goldheart breach, for comment.
The incident follows a number of security breaches involving companies in Singapore.
On May 24, Goldheart discovered that its e-commerce site was compromised.
The jeweller immediately suspended the site to prevent any further illegal access, said Mr Kean Ng, chief executive officer of Aspial Lifestyle, which owns Goldheart.
In a statement on Monday, Mr Ng said that Goldheart also notified its customers and the PDPC, and made a police report.
“Forensic analysis has, to date, identified that personal data was compromised due to illegal and suspicious activities from an external party who has targeted our e-commerce website,” he added.
The compromised data included customers’ names, addresses, e-mail addresses, dates of birth and phone numbers.
Mr Ng said that no financial data or passwords were accessed or retrieved by the hackers.
“Due to the nature of the compromised data, we believe there is limited risk of fraudulent activity for those affected,” he added.
“That said, we have asked all affected customers to take all necessary precautions, including ensuring that e-mails received are from legitimate senders and to review e-mail links carefully.”
In May, the PDPC noted in a written judgment that the Law Society had “negligently breached” its obligation to protect personal information, which resulted in a ransomware attack that compromised the information of 16,009 members in 2021.
Singapore’s privacy watchdog has also fined online furniture store FortyTwo $8,000 for a data breach which resulted in the personal particulars of 6,339 customers being leaked.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now