Bling slinger Cartier tells customers to be wary of phishing attacks after intrusion – Source: go.theregister.com

Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.

The notification email, seen by The Register, said: “We are writing to inform you that an unauthorized party gained temporary access to our system and obtained limited client information. 

“We contained the issue and have further enhanced the protection of our systems and data. We have also informed the relevant authorities and are working with leading external cybersecurity experts.”

The Register contacted Cartier to ask how many customers are affected, and whether ransomware or extortion was involved in the attack, but the company did not immediately respond.

In the grand scheme of data thefts, this one doesn’t sound all that bad. The bling slinger told customers that “this incident may have affected some of your information,” including only names, email addresses, and countries.

For the many people who have an online presence, this basic level of personal data may been scooped up in prior attacks on other organizations, languishing in some dark web marketplace and likely available cheaply.

It’s so basic, in fact, that it could even be found using open source means – no Tor necessary.

Cartier’s email confirmed that nothing too sensitive was stolen. “The affected information did not include any passwords, credit card details, or other banking information,” the email stated.

Despite the theft not sounding extensive, customers were nevertheless urged to remain vigilant for strange, unexpected, or otherwise suspicious communications – standard procedure for these types of things.

• US community bank says thieves drained customer data through third party hole
• Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
• ConnectWise customers get mysterious warning about ‘sophisticated’ nation-state hack
• US medical org pays $50M+ to settle case after crims raided data and threatened to swat cancer patients

“The confidential nature of our relationship with you is very important to us and we regret any inconvenience that this may cause you,” the email went on to say. 

“We wish to reassure you that the safety and security of your personal information remains a priority for us.”

Cartier’s attack follows a wave of major brands disclosing digital break-ins.

Adidas said it was the victim of a similar attack last week, with only basic personal data stolen. Days later, Victoria’s Secret’s website was downed due to a “security incident” which the company refused to specify when we asked, and that’s on top of three major UK retailers succumbing to massive cyber-related disruption last month. ®