A notorious ransomware cartel has claimed the French luxury skincare behemoth Clarins Group as a victim after the company’s data was allegedly uploaded to the gang’s dark web blog.

Clarins’ data was apparently posted on the Everest ransomware gang’s blog. The attackers claimed that they obtained details of over 600,000 of the company’s customers. Cybercriminals claim that the information covers the company’s customers in the USA, France, and Canada.

Clarins is a major maker of luxury skincare products, with a large footprint in the European and American markets. The Paris-headquartered company’s yearly revenue is estimated to hover around €2 billion ($2.35 billion), while Clarins’ staff is estimated to stand at around 8,000 people.

We have reached out to Clarins for comment and will update the article once we receive a reply.

Attackers' post on the dark web leak site. Image by Cybernews.

What details did the alleged Clarins data breach reveal?

The Cybernews research team looked into the attackers’ dark web post, concluding that, so far, only several screenshots of the supposedly stolen data have been uploaded as proof. According to the team, the screenshots are meant to show a sample of a database containing end users’ data.

The information reveals the following details about customers:

Names

Dates of birth

Addresses

Phone numbers

Email addresses

“They also claim to have a ‘variety of personal documents and information [of end users]’ but do not provide any samples to support these claims. However, the data included in the samples likely originates from Clarins online stores for different regions,” the team explained.

The attackers also shared information from two more databases. The revealed details encompass information that most online shops collect from their users, including purchase histories across different product categories, such as skincare and makeup.

Sample of the allegedly stolen details. Image by Cybernews.

Researchers believe that attackers could utilize the details for malicious purposes, including phishing attacks that attempt to peddle malware or obtain personal user information.

“The usual threats in these cases include phishing attacks and spam. However, it is worth noting that an extensive data scope, like in this case, could be useful for malicious actors. Personal identifiers enable other impersonation crimes such as tax return fraud or general identity theft,” the team explained.

Who is the Everest ransomware gang?

The Everest gang, believed to be Russia-linked, was first spotted in 2021. The gang first made headlines after the October 2022 attack on the American telecommunications behemoth AT&T. At the time, Everest said it had access to AT&T’s entire corporate network.

More recently, Everest claimed responsibility for an attack on Allegis Group, a multi-billion-dollar talent management group.

The gang has also targeted Coca-Cola’s Middle East division, eventually leaking the data of nearly 1000 employees. It also claimed a data breach of Crumbl, the North American gourmet cookie shop chain.

According to Cybernews’ dark web monitoring tool, Ransomlooker, Everest has victimized over a hundred organizations over the past 12 months, making it one of the most notorious cybercrime cartels.