Cyber Incident Victim: Sferra Fine Linens

Sferra Fine Linens, a luxury textile company established in 1891, disclosed a cybersecurity incident on August 19, 2022, impacting personal information. The company detected unauthorized access to its servers on April 24, 2022, concluding that threat actors maintained access for approximately two weeks prior to discovery. Compromised data included names, addresses, birth dates, passport details, driver’s license information, Social Security numbers, financial account data, medical and health insurance records, electronic signatures, and account credentials. The nature of the exposed information strongly indicated that affected individuals were primarily employees rather than customers. Sferra did not disclose the exact number of impacted persons but emphasized that its e-commerce platforms and associated systems remained unaffected by the breach.

The company initiated individual notifications on the disclosure date but provided no public details regarding containment measures, forensic investigations, or whether law enforcement was engaged. SecurityWeek’s review of prominent ransomware group leak sites found no claims of responsibility associated with the incident, leaving the attacker’s identity and motives unconfirmed. The breach exposed highly sensitive categories of personal data, creating significant risks of identity theft and financial fraud for affected employees. Sferra’s four-month gap between detection (April 24) and public disclosure (August 19) was not explained in the announcement. No information was released regarding credit monitoring services, password resets, or other remediation offered to victims. The incident highlighted vulnerabilities in Sferra’s internal systems while sparing its customer-facing sales infrastructure.