A complex December for the Campari group. A new chapter is added to the story of last month’s malware attack in which the company suffered the theft of 2 terabytes of data followed by the threat to publish it if the company did not pay 15 million dollars. With a note the group, which owns the brands Aperol and Grand Marnier, Averna and Cynar, makes it known that it can now confirm that some personal and business data have been compromised. The company reports that the data of 4,736 employees, 1,443 former employees and 1,088 consultants are involved. Among the ‘stolen’ data, name, surname, e-mail address, mobile phone numbers, role and identification number of personnel in the Campari Network. In addition to some contracts, documents and personal data, accounting data mainly referring to the US subsidiary of the group.
–
Overall, this is personal and business information that in technical jargon has been exfiltrated (ie copied to another server), encrypted or hacked. These include, for example, the commercial information and payment details of customers as well as the curricula vitae of candidates and confidential business documents and information (such as analyzes, presentations, accounting). The content of which cannot yet be determined due to the consequences of the attack, the company specifies.
–
Risks and safeguards
Stolen data is a real problem for staff. The loss of confidentiality exposes the employees and former collaborators of the group to improper use of contact data, phishing and fraud attempts, alteration of payment details and consequent payment errors by Campari group. The most classic case is the modification of an Iban code. For this the company has provided a number of security tips which include not responding to suspicious requests or messages and not opening any links unless you are absolutely sure it is from a reliable source. The group then reiterates the attention paid to the investigations which are still ongoing and which aim at securing all servers and end-user devices through hardening measures and through a multifactorial authentication process. In order to prevent unauthorized access. The investigation into potentially acquired or compromised information is continuing and we are in constant contact with data protection authorities as well as fully collaborating with the police forces, Campari conclude.
–
