Cyber Incident Victim: Graff
Date: Oct 2021
Location: United Kingdom
Summary
A multinational jeweler was targeted by the Conti ransomware group, compromising sensitive client data including purchase histories and personal details of high-profile individuals. The attackers leaked 69,000 documents—approximately 1% of stolen files—as proof of the breach, threatening further exposure unless a multi-million ransom was paid. Impacted customers included global figures such as political leaders and celebrities, with potential reputational risks due to sensitive transactional information. The victim swiftly shut down its network upon detection, collaborated with law enforcement, and notified affected clients while restoring systems within days without permanent data loss. Conti, known for aggressive tactics, leveraged the leak to pressure payment, amplifying privacy concerns for exposed individuals.
Description
On or around October 15, 2021, the Conti ransomware gang executed a cyber attack against Graff, a multinational jeweler catering to high-profile clients. Graff’s security systems detected the intrusion, prompting immediate network shutdown to contain the breach. The attackers exfiltrated approximately 69,000 confidential documents containing customer lists, invoices, receipts, and credit notes. Conti subsequently published a subset of these files on its leak site as proof of compromise, including records of purchases made by David Beckham, Oprah Winfrey, and Donald Trump. The gang claimed the leaked data represented only 1% of stolen materials, threatening to release additional files unless Graff paid a multi-million dollar ransom. Conti further suggested the data could expose sensitive personal relationships among elite clients, implying potential blackmail opportunities against individuals if the ransom remained unpaid.

Graff notified UK law enforcement agencies and the Information Commissioner’s Office (ICO) following the attack. The company rebuilt its systems within days, reporting no permanent data loss. Affected customers received direct notifications about the breach alongside guidance on protective measures. Conti’s leak site attracted thousands of visitors seeking access to the published documents, amplifying reputational risks for both Graff and its clientele. The incident impacted approximately 11,000 customers, with compromised data extending beyond financial transactions to include personal identifiers. At the time of reporting, Graff had not publicly confirmed whether it negotiated with or paid the ransom. The Conti group, known for targeting high-value entities like healthcare organizations, leveraged its ransomware-as-a-service model, where operators retain 20-30% of ransom payments from affiliate-driven attacks.
