FatFace Cyber Attack

We have created a report on the recent FatFace cyber attack. Read on to find out what happened and why.

When: Breached on 17th January 2021. (Reported to customers on 23rd March 2021.)

What: Names, addresses, last 4 digits of payment card, and the bank details and NI numbers of internal staff.

Who: Customers & staff.

How much: Originally £5.8 million requested, £1.45 million paid in Bitcoin.

How: FatFace were a victim of a cyber-attack when “Conti Ransomware Group” were successful in their attempts to enter their network. A member of staff opened a ransomware phishing email link which executed malicious code (read about our Penetration Testing.) From there, the hackers were able to give themselves general administrative rights and move laterally through the network. Crucially they gained access to the backup servers. Conti Ransomware Group then encrypted and stole around 200GB worth of data, leaving the business completely locked out of systems with no backup.

The sophisticated hackers even have a payment support team who assisted in paying the ransom in bitcoin. A transcript of the “Support Conversation” revealed they dug out FatFaces cyber security insurance information from the stolen data and found out the amount they were insured for (£7.5 million), stating “I’m unsure how this can break you when you’re insured for that much”.

FatFace then negotiated with the hackers over the initial demand of £5.8 million explaining that their sales had slumped due to retail closures during COVID19… to which the “Support Agent” explained that their “online sales look pretty nice to me”. FatFace then agreed to pay the sum of £1.45 million in bitcoin for the safe return of their data.

FatFace issued an email to affected customers 2 months after the incident explaining what details had been leaked. They asked to keep this information “Strictly Private & Confidential”.

Are you concerned about your company email security? Contact us on 01743 636 562 or email help@protecture.co.uk