{
	"id": "3c399a27-bc3d-4251-a4da-9e281ce70050",
	"created_at": "2026-04-06T00:11:58.929188Z",
	"updated_at": "2026-04-10T03:21:02.779246Z",
	"deleted_at": null,
	"sha1_hash": "84507b1db530e0b52dde38e076b9df66b541feb2",
	"title": "FatFace sends controversial data breach email after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2985370,
	"plain_text": "FatFace sends controversial data breach email after ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-03-27 · Archived: 2026-04-05 18:19:25 UTC\r\nBritish clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a\r\nransomware attack earlier this year.\r\nThis week, customers began receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace,\r\nhad suffered a data breach after a cyberattack on January 17th, 2021.\r\nAccording to the notification, threat actors gained access to FatFace's network and systems and accessed customer data. This\r\ndata customers' names, email addresses, mailing addresses, and partial credit card information (last four digits and expiration\r\ndate).\r\nhttps://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nWhat was controversial about the data breach notification is that it told recipients to \"Please do keep this email and the\r\ninformation included within it strictly private and confidential.\"\r\nBleepingComputer has covered many data breaches. 
We have never seen a company ask a user to keep a data breach\r\nconfidential, and the company likely has no power to make that request.\r\nAs you can imagine, this single sentence led to quite an uproar on Twitter, with users baffled that the notification would\r\ninclude that type of language.\r\nIt's a bit rich that @FatFace wait two months to inform their \"valued customers\" of a serious data breach and tell\r\nus to keep the email and information included in it strictly private and confidential!\r\n— Moira M (@reiver_rover) March 24, 2021\r\nWhile many felt that FatFace was trying to keep the data breach under wraps, it turns out there was much more to the story.\r\nData breach caused by a ransomware attack\r\nAccording to Computer Weekly, the data breach was caused by a Conti ransomware attack in January 2021.\r\nA ransom note found by Valéry Marchive of ComputerWeekly's sister-publication LeMagIT allowed the publication to\r\nreview a ransom negotiation between FatFace and the ransomware gang.\r\nAs is common in today's ransomware attacks, the threat actors reviewed the victim's financial data before deploying the\r\nransomware. This review provided insight into the company's finances, including FatFace's cyber insurance coverage, which\r\nthe threat actors brought up during the negotiations.\r\nWhile Conti originally asked for $8.5 million, the negotiations ultimately led to a payment of $2 million to gain access to a\r\ndecryption key and a promise not to leak the 200GB of stolen data.\r\nThe threat actors stated that they gained access to an internal FatFace workstation via a phishing attack on January 10th,\r\n2021, from where they then spread laterally through the network.\r\n\"From there, the team was able to obtain general administrative rights and began to move laterally through the network,\r\nidentifying the retailer’s cyber security installations, Veeam backup servers and Nimble storage. 
The ransomware attack\r\nitself was executed on 17 January and saw more than 200GB of data exfiltrated,\" ComputerWeekly reported.\r\nThe Conti gang also provided the victim with a report on how to better protect their network, including email filtering,\r\nphishing awareness tests, better Active Directory password policies, EDR technology, and an offline backup strategy.\r\nWhen contacted by ComputerWeekly, FatFace confirmed the ransomware attack and said they reported it to law\r\nenforcement and the Information Commissioner’s Office (ICO).\r\n\"FatFace was unfortunately subject to a ransomware attack which caused significant damage to our\r\ninfrastructure.\" - FatFace.\r\nSource: https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/"
	],
	"report_names": [
		"fatface-sends-controversial-data-breach-email-after-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434318,
	"ts_updated_at": 1775791262,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/84507b1db530e0b52dde38e076b9df66b541feb2.pdf",
		"text": "https://archive.orkl.eu/84507b1db530e0b52dde38e076b9df66b541feb2.txt",
		"img": "https://archive.orkl.eu/84507b1db530e0b52dde38e076b9df66b541feb2.jpg"
	}
}