article featured image


A major luxury menswear brand and one of the most known enterprises in Italy, the Ermenegildo Zegna Group, is comprised of the Ermenegildo Zegna and Zegna SpA companies.

Zegna was founded by the young entrepreneur Ermenegildo Zegna, in Trivero, near the Biella Alps, in 1910 with a vision to ethically create the world’s finest textiles through innovation and the direct sourcing of the noblest fibers from their respective markets of origin.

Today, the company has grown into a global luxury brand that includes everything from fabric to clothing to accessories.

What Happened?

The Italian luxury fashion brand Ermenegildo Zegna has admitted that it was the victim of a ransomware attack in August 2021 that caused widespread disruption of its IT systems.

The statement was made in a Form 424B3 filed with the Securities and Exchange Commission, which updates their investment prospectus to warn investors about the dangers of business interruption and data loss caused by sophisticated cyberattacks.

As the journalists at BleepingComputer explained, the paper uses the scenario of a ransomware assault on a company to illustrate the possible investment risks. The attack affected most of the company’s IT systems and caused a wide-scale disruption.

Zegna emphasizes that they did not communicate with the ransomware operators in order to negotiate a ransom payment, and as a result, they were forced to recover from backups in the days and weeks after the attack.

We depend on our information technology and data processing systems to operate our business, and a significant malfunction or disruption in the operation of our systems, human error, interruption to power supply, or a security breach that compromises the confidential and sensitive information stored in those systems, could disrupt our business and adversely impact our ability to operate. Our ability to keep our business operating effectively depends on the functional and efficient operation by us and our third party service providers of our information, data processing and telecommunications systems, including our product design, manufacturing, distribution, sales and marketing, billing and payment systems. We rely on these systems to enable a number of business processes and help us make a variety of day-to-day business decisions as well as to track operations, billings, payments and inventory. Such systems are susceptible to malfunctions and interruptions due to equipment damage, power outages, connection interruption, and a range of other hardware, software and network problems. Those systems are also susceptible to cybercrime, or threats of intentional disruption, which are increasing in terms of sophistication and frequency, with the consequence that such cyber incidents may remain undetected. For any of these reasons, we may experience system malfunctions or interruptions. For example, in August 2021 we were subject to a ransomware attack that impacted the majority of our IT systems. As we refused to engage in discussions relating to the payment of the ransom, the responsible parties published certain accounting materials extracted from our IT systems. We publicly announced the IT systems breach and gradually restored our IT systems from secure back up servers during the weeks following the breach. Although our systems are diversified, including multiple server locations, third party cloud providers and a range of software applications for different regions and functions, and we periodically assess and implement actions to ameliorate risks to our systems, a significant or large scale malfunction or interruption of our systems could adversely affect our ability to manage and keep our operations running efficiently, and damage our reputation if we are unable to track transactions and deliver products to our customers. A malfunction that results in a wider or sustained disruption to our business could have a material adverse effect on our business, results of operations and financial condition. In addition to supporting our operations, we use our systems to collect and store confidential and sensitive data, including information about our business, our customers and our employees. Any unauthorized access to our information systems may compromise the privacy of such data and expose us to claims as well as reputational damage. Ultimately, any significant violation of the integrity of our data security could have a material adverse effect on our business, results of operations and financial condition. See “—We are exposed to the risk that personal information of our customers, employees and other parties collected in the course of our operations may be damaged, lost, stolen, divulged or processed for unauthorized purposes.” Our recently acquired businesses may use different information technology and data processing systems than those used at a broader group level, which could make it more complex to prevent or timely address any of the foregoing events.


The RansomEXX organization claimed responsibility for the assault, in which data was disseminated as a means of extorting the victim into paying a ransom in exchange for the release of the data.

The stolen information came from Zegna’s servers, and the ransomware gang made it public on the same day that the company announced its assault.


The threat actors claim to have copied 20.74 GB of data from a website where they were offering it in password-protected ZIP files as part of the assault. The leak site claims that Zegna’s listing has gotten 483,000 visitors as of this writing.

How Can Heimdal™ Help?

Prevention is the most effective cybersecurity technique because it protects your important assets from being compromised in the first place. In order to avoid data loss and exfiltration, your firm needs effective cybersecurity solutions such as Heimdal Ransomware Encryption Protection, which prevents ransomware encryption attempts and so protects you against data loss and exfiltration.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo