Some of the world’s most powerful, wealthy and famous people are thought to have had their personal details stolen by a cybercriminal gang which hacked into the computer systems of exclusive UK jeweller Graff.
The data theft was carried out by Russian group Conti, believed to be based near St Petersburg, which has already leaked 69,000 confidential documents on the so-called dark web, according to reports.
The dark web is the part of the internet which is generally hidden from public view and can only be accessed through special software.
However, it is thought Graff believes the vast majority of people did not suffer any personal data loss beyond their name and address, which are typically available in the public domain from other sources, and that these details are not considered sufficient to put them at risk of identity theft.
Graff operates at the top end of the diamond jewellery market, with more than 60 retail stores worldwide.
Conti is said to be demanding tens of millions of pounds in ransom money to stop the release of further sensitive information.
Documents including client lists, invoices, receipts and credit notes have been taken, according to the Mail on Sunday.
It reports Conti has claimed the information already published, involving about 11,000 of Graff’s clients, represents just 1% of the files it has stolen.
It said around 600 British customers are among the victims named, including Formula One heiress Tamara Ecclestone and ex-England and Chelsea footballer Frank Lampard.
Other stars on the list reportedly include Hollywood actors Tom Hanks, Samuel L Jackson and Alec Baldwin, who has recently hit the headlines after the accidental fatal shooting of cinematographer Halyna Hutchins on the set of Western film Rust.
The British socialite Ghislaine Maxwell, who is awaiting trial on charges of recruiting underage girls for the late paedophile Jeffrey Epstein, is also listed, according to the Mail.
It adds that Saudi Crown Prince Mohammed bin Salman is listed as a Graff client in Monaco, as is Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai. The prime minister of Bahrain, Salman bin Hamad Al Khalifa, is also named.
Cyber experts believe the extortionists will demand payment either in an untraceable cyber currency such as Bitcoin, or possibly jewels.
The Information Commissioner’s Office (ICO), which can impose multi-million pound fines on companies that fail to keep customers’ data secure, said it was investigating the breach.
A spokesman for the ICO, which can fine firms up to 4% of their turnover, said in a statement to Sky News: “We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be contacting the organisation to make further enquiries in relation to the information that has been provided.”
London-based Graff said it had informed those whose personal data may have been breached.
A Graff spokesperson said: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals.
“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.
“We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.”