{ "id": "44d48fad-516c-4050-a459-b861e3d87379", "created_at": "2026-04-06T00:08:33.172786Z", "updated_at": "2026-04-10T03:29:40.128038Z", "deleted_at": null, "sha1_hash": "f7ed2d5b16ecf94d5fd298a2de82523de0b8ab9a", "title": "Fashion giant Moncler confirms data breach after ransomware attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2173614, "plain_text": "Fashion giant Moncler confirms data breach after ransomware attack\r\nBy Bill Toulas\r\nPublished: 2022-01-18 · Archived: 2026-04-05 22:06:44 UTC\r\nItalian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the\r\nAlphV/BlackCat ransomware operation in December and published today on the dark web.\r\nThe attack unfolded in the final week of 2021 when the luxury fashion brand announced an interruption in its IT services but\r\nassured that the attack would result in nothing more than a temporary outage.\r\nTen days after that, the company released an update on the situation, reactivating its logistic systems and prioritizing e-commerce shipments that had been delayed in shipping.\r\nhttps://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nToday, in a statement shared with Bleeping Computer, Moncler confirmed that some data related to its employees, former\r\nemployees, suppliers, consultants, business partners, and customers was leaked today by the AlphaV (BlackCat) ransomware\r\noperation.\r\nMoncler states that they rejected the prospect of paying a ransom demand as it goes against its founding principles, leading\r\nto the publishing of the stolen data.\r\n“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of\r\npayment have been exfiltrated, as the company does not store such data on its systems.” explains the statement shared with\r\nBleepingComputer.\r\nMoncler also warned that the further possession or distribution of the stolen data would be considered a criminal offense.\r\n\"Moncler reminds that all information in the possession of cybercriminals is the result of illegal activities and that\r\nconsequently, the acquisition, use and dissemination of the same constitutes a criminal offense.\" - Moncler.\r\nFinally, the company reiterated that they have informed company stakeholders and the Italian Data Protection Authority\r\nabout the attack.\r\nAn ALPHV BlackCat victim\r\nMoncler Group is one of the first ALPHV (BlackCat) ransomware victims, a new Ransomware-as-a-Service (RaaS)\r\noperation launched at the beginning of December 2021.\r\nOur analysis of the ransomware categorized it as the most sophisticated RaaS of last year, mainly due to its robust\r\noperational structure, features, and thought-out approach to all stages of the ransomware attack.\r\nToday, the ALPHV ransomware gang published Moncler's data on their data leak and also indicated that they demanded $3\r\nmillion not to publish the data.\r\nFrom screenshots shared on the site, the stolen data includes earning statements, spreadsheets with what appears to be\r\ncustomer information, invoices, and other documents.\r\nhttps://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/\r\nPage 3 of 4\n\nMoncler data leak page on ALPHV Tor site\r\nThe ransomware gang is now attempting to sell the data of \"rich customers\" to other threat actors.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/" ], "report_names": [ "fashion-giant-moncler-confirms-data-breach-after-ransomware-attack" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434113, "ts_updated_at": 1775791780, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f7ed2d5b16ecf94d5fd298a2de82523de0b8ab9a.pdf", "text": "https://archive.orkl.eu/f7ed2d5b16ecf94d5fd298a2de82523de0b8ab9a.txt", "img": "https://archive.orkl.eu/f7ed2d5b16ecf94d5fd298a2de82523de0b8ab9a.jpg" } }