SINGAPORE – The hacker who stole Cortina Watch’s data by illegally accessing one of its servers has carried out a threat to release the information online, including customers’ contacts and addresses.
Checks by The Straits Times found that more than 7GB of data, including details of customers, vendors, staff and the public-listed group’s operations, were uploaded on a file-sharing site late on Thursday.
The data dump included usernames and passwords for company and staff accounts, with numerous administrator accounts sharing the same password.
Information leaked on the dark web also included customer data such as contact information, home addresses and dates of birth. The firm’s inventory of watches, sales orders and sales tactics were also uploaded.
According to one file, certain luxury watches appeared to be marked up significantly, with cost prices as low as 22 per cent of the sale price.
Another file containing sales tactics explained how salespersons should introduce certain luxury brands during a conversation with customers, and how to convince them to buy using details about the brand’s heritage.
They were also instructed to provide discounts of up to 10 per cent for certain customers and charge a higher price for walk-ins.
The names of at least 12 Malaysian Datuks were also part of a customer list from 2021.
Cortina had detected unauthorised activity on one of its servers on June 4. A hacker who goes by the username Bassterlord claimed responsibility for the breach in a tweet the same day.
He is reportedly a man in his 20s from Ukraine who heads the hacker group called the National Hazard Agency.
Bassterlord demanded US$50,000 (S$67,000) to either destroy or return all the data, and gave Cortina a deadline of 6pm on June 8 to negotiate payment.
ST reported on the hack on June 5, and Cortina issued a public statement acknowledging the breach through a filing on the Singapore Exchange on June 6.
On June 7, Mr Jeremy Lim, the chief executive officer of Cortina Watch, told ST that the company took immediate steps to “identify, contain and address the potential attack on the server” after the breach. Its website has been down since June 5.