5-6-2023 (SINGAPORE) Another Singaporean company has fallen victim to a cyberattack, just one week after the data of over 40,000 Goldheart customers was leaked online. This time, luxury retailer Cortina Watch has been targeted by a hacker known as Bassterlord, who claimed on Twitter to have stolen 2GB of data from the company.
Bassterlord, believed to be a man in his 20s from Ukraine and the leader of the hacker group National Hazard Agency, appears to be holding Cortina Watch to ransom. In a tweet, he warned that wealthy clients may not want their addresses to be made public. As proof of the breach, the hacker shared a sample of the stolen data on Twitter, which includes customers’ contact details such as names and email addresses.
The compromised data seems to have been obtained from the contact form on Cortina Watch’s website, as it was stored on their compromised servers. Analysts from cybersecurity firm Analyst1 have identified Bassterlord as primarily involved in ransomware activities and linked him to several major ransomware gangs.
Founded in 1972, Cortina Watch began as a small shop in Colombo Court on North Bridge Road and has since expanded to over 40 stores across Asia. In 2022, the company reported a substantial increase in total revenue, reaching $716.9 million, with a net profit of $73.8 million. Known for carrying more than 50 luxury brands, including Rolex and Patek Philippe, Cortina Watch has established itself as a prominent luxury watch retailer.
As of Monday, the company’s website was inaccessible, and a representative from the head office stated that the IT team was working on resolving the issue. The email servers were also reported to be down.
The Straits Times reached out to the Cyber Security Agency and the Personal Data Protection Commission (PDPC) Singapore, which is currently investigating the Goldheart breach, for comments on the latest cyberattack against Cortina Watch.
This incident adds to the growing number of security breaches targeting companies in Singapore. Just last month, Goldheart discovered that its e-commerce site had been compromised, leading the company to suspend the site and notify customers and the PDPC. The compromised data from Goldheart included customers’ personal information such as names, addresses, email addresses, dates of birth, and phone numbers. However, financial data and passwords were not accessed by the hackers.
The PDPC has recently highlighted negligence in data protection, as evidenced by a ransomware attack on the Law Society in 2021, which exposed the personal information of 16,009 members. Additionally, the online furniture store FortyTwo was fined $8,000 by Singapore’s privacy watchdog for a data breach that exposed the personal details of 6,339 customers.
