Massive cyber heist rocks high society jeweller Graff: Russian gang demand multi-million ransom or they’ll release private details of rich and famous – after leaking files on David Beckham, Oprah and Donald Trump
Hackers have plundered the personal details of world leaders, Hollywood A-listers and billionaire tycoons in a massive ‘virtual heist’ on exclusive jewellery firm Graff, The Mail on Sunday can reveal.
And they are thought to be demanding tens of millions of pounds in ransom money to stop the release of further sensitive information.
The notorious Russian hacking gang Conti is behind the data theft and claims the information published, involving about 11,000 of Graff’s well-heeled clients, represents just one per cent of the files it stole.
Documents including client lists, invoices, receipts and credit notes have been taken, and could prove embarrassing for customers who may, for example, have bought gifts for secret lovers or taken jewellery as bribes.
‘Given the profile of the customer database, this is absolutely massive,’ said Philip Ingram, a former colonel in British military intelligence.
‘This is going to bring the highest levels of international law enforcement down on the gang, and that’s going to give them a whole lot of headaches in trying to get the ransom paid and then get away with it.’
Cyber experts believe the extortionists will demand payment either in an untraceable cyber currency such as Bitcoin – or even in jewels.
Around 600 British customers are among the victims so far named, including Formula One heiress Tamara Ecclestone and former footballer Frank Lampard, who was previously pictured leaving Graff’s flagship London store with his wife Christine Bleakley.
International superstars on the list include Hollywood actors Tom Hanks, Samuel L Jackson and Alec Baldwin, already troubled after accidentally shooting dead cinematographer Halyna Hutchins on the set of his latest film.
Singer Tony Bennett also features in the leak, while two addresses for US chat show queen Oprah Winfrey and seven for Donald and Melania Trump were published.
Conti, which is believed to be based near St Petersburg, released the first cache of customer information earlier this month on the dark web, a secretive part of the internet known as a haven for terrorists and criminals – who could potentially use the material for theft, extortion or blackmail.
The Information Commissioner’s Office (ICO), which can impose multi-million pound fines on companies that fail to keep customers’ data secure, said it was investigating the breach.
London-based Graff, which was founded by 83-year-old Laurence Graff, a self-styled ‘King of Bling’, said it had informed those whose personal data may have been accessed.
But one well-known British millionaire named in the files as having bought a pair of yellow and white diamond earrings worth £237,000 in January last year said he had not been notified.
King of Bling was victim of UK’s biggest unsolved diamond theft
By Molly Clayton
The Conti cyber hack is not the first time the jewellery empire that Laurence Graff founded when he was 18 has suffered at the hands of hardened criminals.
In August 2009, two sharply dressed men entered the Graff Diamonds branch in Mayfair, pulled out handguns and started threatening staff.
A female shop assistant was forced to empty the display cabinets before being taken hostage.
The raiders freed her in the street, firing a shot into the air and escaping in a BMW with a haul of 43 rings, bracelets, necklaces and watches, valued at nearly £40 million.
But the two robbers left a mobile phone behind as they swapped escape cars. Numbers on it led to the culprits, who had spent four hours being disguised by a professional make-up artist who thought it was for a music video.
In all, five men were jailed for their involvement in the raid. But none of the stolen jewellery in Britain’s largest unsolved gems heist was ever recovered.
Almost three decades earlier, in September 1980, the 45-carat Marlborough diamond – worth more than £2 million at today’s prices – was stolen from a Graff store in Knightsbridge.
Although the two robbers, believed to be members of the Chicago Mafia, were arrested and jailed, the diamond, which once belonged to the wife of the Duke of Marlborough, a cousin of Winston Churchill, was never recovered. The pair were believed to have posted their haul to New York on their way home.
Now worth £2.9 billion, Laurence Graff, 83, started as an apprentice in the diamond district of Hatton Garden, London. The 15-year-old East End boy scrubbed floors and cleaned toilets while taking classes in his spare time at the Central School of Arts and Crafts, where he was told he would ‘never make the grade’.
Determined to prove his teachers wrong, Mr Graff began selling his own designs in 1960 and opened two London boutiques two years later. Now, there are more than 60 worldwide. Former US President Donald Trump bought his wife Melania’s £1 million, 15-carat emerald cut diamond engagement ring from Graff, adding a Graff 25-carat ring worth £2.8 million for their tenth anniversary.
In October 2009, The Mail on Sunday revealed that Mr Graff had fathered a love-child at the age of 71 with a former employee 34 years his junior. He announced his divorce from Anne Marie, but they decided to stay together minutes before their court hearing.
The couple have two sons – Francois, 56, chief executive of his father’s business empire, and Stephane, 55, a successful artist – as well as a daughter, Kristelle, 41.
Separately, the documents show that Mr Beckham, his wife Victoria and their eldest son Brooklyn – who has posted images of jewellery bought for his actress fiancée Nicola Peltz on social media – are Graff customers.
The documents also reveal that the charity Make A Wish Foundation UK spent £60,000 on a Princess Butterfly Watch in October 2019. The charity did not respond to requests for comment about the item, who bought it and why.
Former Topshop boss Sir Philip Green and his wife Lady Tina are listed as clients of Graff, which has a store in Monaco, where the family’s £100 million superyacht Lionheart is moored. The New York address of Britain’s wealthiest man, Sir Len Blavatnik, also appears, as does that of financier George Soros.
The socialite Ghislaine Maxwell, who is awaiting trial on charges of recruiting underage girls for the late serial paedophile Jeffrey Epstein, is also listed.
The files do not state what, if anything, she bought, but they give her then billing and shipping address as being in St Thomas in the US Virgin Islands, close to the island of Little Saint James, where Epstein abused some of his victims.
Erbolat Dosaev, a former deputy prime minister of Kazakhstan, was another customer. Saudi Crown Prince Mohammed bin Salman is listed as a Graff client in Monaco, as is Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai.
The prime minister of Bahrain, Salman bin Hamad Al Khalifa, and former prime minister of Qatar, Sheikh Bin Jabr Al Thani Hamad Bin Jassim, are also named.
Another document shows that the late Tetra Pak billionaire Hans Rausing bought a pair of ruby waterfall earrings for £89,000 and white diamond earrings for £29,000 in 2019.
Cyber experts said it was most likely that the hackers gained access to Graff’s files by sending an email which duped a member of staff into opening a file containing a sophisticated ‘ransomware’ computer virus.
This would have given the hackers a ‘back door’ to steal the company’s data, bypassing any anti-virus software or firewall.
Daria-Romana Pop, intelligence analyst for cyber threat firm Kela, said: ‘After they deliver the ransomware note, the operators usually start leaking data to intimidate the victim.
‘It starts with one per cent of the files to persuade the victim to pay the ransom and it may take from days to weeks to leak all the data, depending on the negotiation. In this specific attack, it took them one week to publish.
‘Conti is also known for threatening to disclose attacks to the victims’ clients, partners and other parties. Conti and other ransomware groups usually define the ransom depending on the size of the company and its revenue.
‘Conti’s ransom demands start very high, about ten per cent of the victim’s annual revenues.’
A spokesman for the ICO, which can impose fines of up to four per cent of company turnover, said: ‘We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be contacting the organisation to make further enquiries in relation to the information that has been provided.’
A spokesperson for Graff, which according to its latest accounts had revenues of £450 million in 2019, said: ‘Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals.
‘We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.
‘We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.’
The firm said it had been able to ‘rebuild and restart our systems within days – crucially with no irretrievable loss of data’.
Additional reporting: Molly Clayton and Jonathan Bucks
Russian cyber crooks top FBI’s most wanted
The infamous Conti gang of cyber hackers has claimed responsibility for the audacious ‘virtual heist’.
Previously, the Russian-based group has penetrated the security of more than 400 organisations, including Government agencies in Scotland and the Irish Republic.
Late last year, the Scottish Environment Protection Agency fell victim to one of the group’s most devastating hacks.
More than 4,000 of the agency’s files were leaked onto the internet, including sensitive operational material and embarrassing staff emails complaining about the quango’s ‘toxic’ management.
The files were released when the agency refused to pay a ransom, but the affair is thought to have cost it about £800,000.
In May, Conti infiltrated the Irish Health Service, disrupting Covid-19 testing and causing the cancellation of patient appointments.
However, the Graff raid could be the biggest ‘diamond’ heist of all time – without a single stone being touched. Reams of personal information, including the home addresses of wealthy and famous Graff clients, have been poured out on the ‘dark web’ – with the threat of much more to follow if the gang is not paid.
The proceeds of such cyber crime fund lavish lifestyles.
Maksim Yakubets, the 34-year-old alleged head of hacking group Evil Corp and top of the FBI’s cyber most wanted list, drives a camouflage Lamborghini and is married to the daughter of a retired senior officer in the FSB, the Russian security service.
Conti, like many ransomware groups, operates by sending a fake – or ‘phishing’ – email containing a link or attachment that installs a virus into the target’s computer network. This provides access to data systems for weeks or even months before a ransom demand is eventually made.
Experts believe that the Conti ransomware virus is operated by Wizard Spider, a group based in St Petersburg, Russia, which has been linked to possible foreign espionage activities.
Wizard Spider is also thought to be behind another infamous hacking group, Ryuk.
Conti targets organisations it believes will pay the largest ransom, and which it hopes will be most readily willing to pay.
There is no suggestion that Graff is negotiating with the hackers.
Such cybercrime is becoming common. The Information Commissioner’s Office issued a record £42 million in fines last year.
These included a £20 million penalty for British Airways, after the personal data of almost 430,000 customers and staff was accessed, and an £18.4 million fine for hotel chain Marriott after 339 million guest records were taken.