Skincare giant Clarins allegedly hit in data breach with 600,000 customers exposed — what you need to know
Hackers claim to have the personal details of thousands of customers

A prolific ransomware group has claimed to have exposed the data of over 600,000 customers of luxury French skincare company, the Clarins Group. According to Cybernews, whose research team examined the dark web post by the hacking group, the sample data contains customer details including names, birth dates, addresses, phone numbers and email addresses from the company’s customers across the U.S., France and Canada.
Though the hackers from the notorious Everest group claim to have “a variety of personal documents and information,” so far the data only shows info that would likely be accessed from online stores across multiple regions. The data is the kind of information that customers often provide when signing up to purchase products online, or when signing up for loyalty programs. The hacking group did share more information from two additional databases, but those details also appear to come from online shops, such as purchase histories of skincare and makeup products.
While it may not appear to be particularly damaging information on the surface, this supposedly exposed data could be repurposed to carry out other malicious actions such as phishing attacks, used to spread malware or used to obtain further user data that could then be used for identity theft. The Cybernews team that investigated the posted data stated that “The usual threats in these cases include phishing attacks and spam…Personal identifiers enable other impersonation crimes such as tax return fraud or general identity theft.”
The Everest ransomware group is believed to have been around for at least four years and first came to notoriety in an October 2022 attack against AT&T. No ransom demand for the Clarins Group's data has been reported so far. According to one dark web monitoring tool, Everest has hit over a hundred organizations in the past 12 months.
Clarins, a luxury skincare company popular in European and American markets, is headquartered in Paris with an annual revenue of roughly $2.35 billion, making it an attractive target. It employs around 8,000 people, which also means there are a number of ways threat actors could attempt social engineering attacks.
How to stay safe after a data breach
Anyone who has been involved in a data breach should make sure to invest in one of the best identity theft protection services. Doing so before falling victim to a data breach is ideal as you'll be able to take full advantage of the identity theft insurance offered by one of these services to recover any lost funds.
In this case, it's important to be on high alert for phishing attempts – specifically look out for any emails that sound urgent and want you to “act now” to fix an issue, to provide additional personal or financial details, or need you to correct an account problem. It's also important to stay vigilant against social engineering attacks and to monitor your accounts for suspicious activity. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in emails or messages from unknown senders.
From there, you want to make sure you're protected from online scams and hacks by using one of the best antivirus programs on all your devices, and when you're online, use protections like a VPN or a hardened browser, which can help keep you and your devices safe from malware and other online threats.
As for this potential attack against the Clarins Group, we'll be following this one closely to see if the hackers claiming responsibility are really behind it and do have access to stolen customer data. We'll update this piece if and when we find out more.

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.