Customers started receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace, had suffered a data breach after a cyberattack on January 17th, 2021, the notification was disclosing that FatFace’s network and systems were accessed as well as the customer data.

What caught the customers eye was the controversial choice of words in regards to the data breach saying, “Please do keep this email and the information included within it strictly private and confidential.”, this single sentence leading to an uproar on Twitter, with users being baffled that a notification of this type would include that type of recommendation.

From the information that we have at the moment, it looks the data breach was caused by a Conti ransomware attack. A ransom note was found by Valéry Marchive from LeMargIT, allowing the publication to review a ransom negotiation between FatFace and the ransomware gang.

Originally Conti asked for $8.5 million, but the negotiations led to a payment of only $2 million in order for FatFace to gain access to a decryption key and a promise from Conti not to leak the 200GB of stolen data. The attackers said they gained access to an internal FatFace workstation through a phishing attack on January 10th, 2021.

From there, the team was able to obtain general administrative rights and began to move laterally through the network, identifying the retailer’s cybersecurity installations, Veeam backup servers, and Nimble storage. The ransomware attack itself was executed on 17 January and saw more than 200GB of data exfiltrated.


The Conti attacker group also provided FatFace a report on how to better protect their network, including email filtering, phishing awareness tests, better Active Directory password policies, EDR technology, and an offline backup strategy.

British Retailer ‘Fat Face’ Suffers Security Breach

10 Alarming Cyber Security Facts that Threaten Your Data

Leave a Reply

Your email address will not be published. Required fields are marked *