Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web.

The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. 

Attackers hit Moncler in the final week of 2021, causing a temporary outage of its IT services which delayed shipments of goods ordered online.

Some data stolen in the incident was published online on Tuesday after Moncler refused to pay a ransom to its attackers. 

Data compromised in the security incident relates to Moncler employees, former employees, suppliers, consultants, business partners and some customers registered on the company’s website.

Moncler said in a statement: “​While the investigation related to the attack is still ongoing, Moncler confirms that the stolen information refers to its employees and former employees, some suppliers, consultants and business partners, as well as customers registered in its database. 

“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems.”

The fashion brand said that the brief interruption to the logistical side of its operation had not put a major dent in its profits. 

“Data breaches are part of the web attack lifecycle and continue to fuel Account Takeover (ATO) and credential stuffing attacks. Therefore, we need to protect the apps that power our daily lives by disrupting the web attack lifecycle,” commented Kim DeCarlis, CMO at cybersecurity company PerimeterX.

They added: “This includes stopping the theft, validation and fraudulent use of account and identity information everywhere along the digital journey.” 

Trevor Morgan, product manager with data security specialists comforte AG, said that data-dependent businesses need to assume that they are a target for cyber-criminals.

“Squirreling sensitive data away behind protected perimeters won’t cut it anymore as a defensive measure,” said Morgan. 

He added: “Only robust data-centric security, such as tokenization or format-preserving encryption applied directly to sensitive data elements, can help mitigate the situation if the wrong hands get ahold of your data.”