Hacker leaks Cortina Watch’s data online, including customer details and sales tactics
SINGAPORE - The hacker who stole Cortina Watch’s data
Checks by The Straits Times found that more than 7GB of data, including details of customers, vendors, staff and the public-listed group’s operations, were uploaded on a file-sharing site late on Thursday. The data dump included usernames and passwords for company and staff accounts, with numerous administrator accounts sharing the same password.
Information leaked on the dark web also included customer data such as contact information, home addresses and birth dates. The firm’s inventory of watches, sales orders and sales tactics were also uploaded. Some documents appeared to show how certain luxury watches were priced.
In one spreadsheet titled “repeat and moving slow stock”, a list of watches included a column for “cost”, which had entries in the form of percentages. Several of the entries were below 23 per cent, right next to a column with the header “RSP”, believed to stand for retail sale price.
Another spreadsheet contained a list of several watch models with different prices listed for “retail”, “walk in” and “regular”. One entry listed retail as $48,130, walk in as $75,000, and regular as $73,000.
A file containing sales tactics appeared to explain how salespersons should introduce certain luxury brands during a conversation with customers, and how to convince them to buy using details about the brand’s heritage.
They were also instructed to provide discounts of up to 10 per cent for certain customers and charge a higher price for walk-ins.
The names of at least 12 Malaysian datuks were also part of a customer list from 2021.
Cortina had detected unauthorised activity on one of its servers on Sunday. A hacker who went by the username Bassterlord claimed responsibility for the breach in a tweet the same day. He is reportedly a man in his 20s from Ukraine who heads a hacker group called the National Hazard Agency.
He demanded US$50,000 (S$67,000) to either destroy or return all the data, and gave Cortina a deadline of 6pm on Thursday to negotiate payment.
ST reported on the hack on Monday, and Cortina issued a public statement acknowledging the breach through a filing on the Singapore Exchange on Tuesday.
On Wednesday, Mr Jeremy Lim, the chief executive officer of Cortina Watch, told ST that the company took immediate steps to “identify, contain and address the potential attack on the server” after the breach. Its website has been down since Monday.
Bassterlord claimed in tweets that he had contacted Cortina at least four times over payment, but did not get a reply. After the deadline, he leaked the data on the dark web.
The incident has been reported to the police and the Personal Data Protection Commission (PDPC), which reached out to the firm for more information. The Cyber Security Agency contacted the company to offer assistance. Cortina has also notified all parties whose data was affected by the breach.
Cortina Watch was founded in 1972 as a small shop in Colombo Court, in North Bridge Road, by group executive chairman Anthony Lim. It has since expanded to more than 40 stores across Asia.
According to its annual report, the group’s total revenue grew 64.1 per cent to $716.9 million in 2022, with a net profit of $73.8 million.
The retailer carries more than 50 luxury brands, including Rolex and Patek Philippe.
In response to more queries from ST, a spokesman for Cortina said on Friday night that it would not be sharing information regarding the hacker’s demands as the case is under investigation.
“As for payment of ransom, the company will abide by the recommendations of the Singapore authorities, who generally do not encourage victims of ransomware to pay the ransom,” she said. “The group has already reported the matter to the relevant authorities, including the Singapore Police Force and the PDPC and we will give them our full cooperation.”
Although Cortina did the right thing by not engaging with the hacker, Ms Joanne Wong, vice-president of international markets at cyber-security firm LogRhythm, stressed that “prevention is better than cure”.
She said: “In this digital environment, it is critical for companies to take up a preventive approach to cyber security. No industry is completely immune to cyber attack, and virtually every sector... faces the risk of an attack.”
She said the leaked information, including the purported pricing mark-ups, could influence customers’ purchasing decisions and impact the retailer’s reputation.
At the same time, she said affected customers needed to act decisively and pay extra attention to any possible scams or phishing attempts they could receive in the aftermath.
“As a customer of Cortina Watch myself, the safety of my data is a top concern. Since personal information such as date of birth, contact details and addresses are now freely available, affected customers can expect a higher level of threat of targeted attacks such as spear phishing or identity theft.”
To better protect themselves, she advised customers not to click on any multi-factor authentication pop-ups that they did not activate, and to change the passwords for their online accounts.
She also recommended activating two-factor authentication to ensure an additional layer of security, as well as keeping a close eye on their bank accounts and credit cards for any suspicious activities or unauthorised transactions.

