Luxury fashion house Zegna confirms August’s ransomware attack

Italian luxury fashion house Ermenegildo Zegna has confirmed a ransomware attack in August 2021 that led to a widespread IT system outage.

The disclosure came with today’s filing of an SEC Form 424B3 updating the investment prospectus to alert investors to business disruption and risks of data breaches resulting from sophisticated cyberattacks.

To highlight the potential investment risks, the report includes an example of a ransomware attack that hit the company in August 2021, affecting most of its IT systems and causing a large-scale disruption.

Zegna emphasizes that they did not negotiate a ransom payment with the ransomware actors, so they had to restore data from backups in the weeks following the incident.

While Zegna disclosed unauthorized access to its systems at the time, it wasn’t until today’s filing with the SEC that the company confirmed it was a ransomware attack.

“In August 2021 we were victims of a ransomware attack that affected most of our IT systems. Because we refused to hold discussions about paying the ransom, those responsible released certain accounting materials extracted from our IT systems,” reads Zegna’s SEC filing.

“We publicly disclosed the breach of IT systems and gradually restored our IT systems from secure backup servers over the weeks following the breach.”

As the filing updates the prospectus to address risks for investors, it also warns:

“A malfunction that results in a broader or prolonged disruption to our business could have a material adverse impact on our business, results of operations and financial condition. In addition to supporting our business operations, we use our systems to collect and store confidential and sensitive data, including information about our business, our customers and our employees.

Any unauthorized access to our information systems may compromise the confidentiality of this data and expose us to claims and damage to our reputation. Ultimately, any material breach of the integrity of our data security could have a material adverse impact on our business, results of operations and financial condition.”

RansomEXX claimed the attack

Last year, the RansomEXX operation claimed responsibility for the attack and released data to further blackmail the victim into paying a ransom.

The leaked data was stolen from Zegna’s systems and released by the ransomware gang on the day the company announced the attack.

Zegna’s entry on the RansomEXX leak portal (BleepingComputer)

As part of the attack, the attackers claim to have copied 20.74GB of data, which they offered as password-protected ZIP files. At this point, Zegna’s entry on the leak portal has reportedly received 483,000 visits.

List of files still offered on the RansomEXX Tor site
List of leaked files (BC)

Unfortunately, Zegna’s filing confirms the authenticity of the leaked data, but the company has not commented on the impact on customers and partners.

This is the same ransomware group that hit corporate giants like Konica Minolta in August 2020, GIGABYTE in August 2021, and more recently Hellmann Worldwide.
