Estée Lauder confirmed on Tuesday that it suffered a cyber attack in which hackers managed to steal data from its systems.
The ALPHV ransomware group revealed their involvement in the Estée Lauder cyber attack. In their post, they said that they had breached the company's systems and added that another hacker group was also involved.
Estée Lauder cyber attack and the two hacker groups
The ALPHV, or BlackCat, ransomware group made an elaborate claim that included information about its ransom demands for the Estée Lauder cyber attack.
“We will not say much for now, except that we have not encrypted their networks,” the Estée Lauder cyber attack post on the dark web portal of the ALPHV group read.
The group clarified that the hackers had stolen the data but not encrypted the network, leaving the systems and data accessible to the company. The hackers wrote that the data was worth more and stated that Cl0p had also accessed the company's systems.
“…ELC been attacked by our colleagues at Cl0p regarding the MOVEit vulnerability attacks,” the dark web post by ALPHV read. The hackers were not aware of any data stolen from the unauthorized access by the Cl0p ransomware group.
However, Cl0p mentioned the Estée Lauder cyber attack in an email, according to ALPHV’s post about the Estée Lauder cyber attack. To keep their ransom demands separate from Cl0p’s, ALPHV added that they had clarified this to Estée Lauder.
A screenshot of the post shows a file size of 131GB in its archives, suggesting that the group holds that much data stolen in the alleged Estée Lauder cyber attack.
The Cyber Express emailed Estée Lauder to get a statement about the hacker’s claims. We will update this report based on their response. The website of Estée Lauder was accessible at the time of writing.
Estée Lauder cyber attack and Cl0p ransomware group
ALPHV noted that the Cl0p ransomware group gained access to Estée Lauder data by exploiting the MOVEit zero-day vulnerability. It is not clear which hacker group’s attack Estée Lauder was referring to when it confirmed a cyber attack this Tuesday.
The multinational cosmetics company stated that hackers obtained some data from its systems and the cyber incident disrupted parts of the company’s business operations.
The company suspects that the cyber attack will cause further disruption to its systems.
The luxury cosmetics brand stated that the extent of the impact of the cyber attack on Estée Lauder is not yet clear. However, the company’s Chief Information Officer Michael Smith and his team were cooperating with law enforcement agencies to get to the root of the cyber attack.
The company took down parts of its systems to prevent further damage from the cyber attack and mitigate risks.
Cl0p has listed around 378 organizations as victims of the MOVEit File Transfer cyber attack that was announced by MOVEit in May this year. This cyber attack also impacted service providers that catered to over 3000 educational institutions in the United States.
The National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association of America (TIAA) serving US schools were impacted by the MOVEit vulnerability.
This further increased the scope of data loss through NSC and TIAA, which offered educational research and retirement record maintenance, respectively.