Industry / Retail

Graff Paid Hackers $7.5 Million To Retrieve Stolen Customer Data


Famed jeweler Graff ended up paying a hacker gang $7.5 million in bitcoin after the group threatened to disclose its customers’ private purchasers, according to the company and news reports.

“We were determined to take all possible steps to protect [our customers’] interests and so negotiated a payment that successfully neutralized that threat,” says a company statement, emailed to JCK. “Regrettably these commercial decisions are all too common these days.”

Sources say the company originally refused to negotiate with the gang, as is recommended by law enforcement. But once the breach became front-page news, Graff felt it had no choice but to pay the ransom—originally $15 million, but then negotiated, diamond-business style, to half that.

Still, Graff’s insurer, the Travelers Companies, has argued that it should not have paid anything. Graff is now suing the insurer in London’s High Court to recoup the payout, which it argues was covered by its policy.

JCK was unable to see any documentation from the lawsuit, which was originally reported by Bloomberg.

“We are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk,” the Graff statement said “They have left us with no option but to bring these recovery proceedings at the High Court.”

The Travelers Companies could not be reached for comment.

After hacking Graff’s servers in September 2021, the gang, Conti, reportedly posted 69,000 documents featuring details about Graff’s customers on the so-called dark web. The documents revealed personal information about former President Donald Trump and celebrities such as Oprah Winfrey and soccer star David Beckham.

Then, in a bizarre twist, the group said it would delete any information pertaining to the members of the royal families of Saudi Arabia, the United Arab Emirates, and Qatar.

It also apologized to Saudi Arabian Prince Mohammed bin Salman “for any inconvenience.”

Security experts suggested that the group was worried about “potentially serious repercussions” from the Saudis.

The Jewelers’ Security Alliance has cybersecurity tips for jewelers here.

Photo: Getty Images

Follow JCK on Instagram: @jckmagazine
Follow JCK on Twitter: @jckmagazine
Follow JCK on Facebook: @jckmagazine

By: Rob Bates

Log Out

Are you sure you want to log out?

CancelLog out