An attack on FatFace was already attracting media attention for the firm’s attempt to get people to keep their breach notification email confidential. Naturally, it got more attention that way.
But on March 27, SuspectFile reported that the breach, first disclosed at the end of March, was more serious than what had been revealed previously. It also impacted people in the U.S.:
It also emerged that the data breach began on December 25, 2020 and lasted until January 18, 2021. After an analysis ordered by FatFace and entrusted to a company in the field of information security, it emerged that , at the moment , the total number of people involved in the United States is 183 employees of FatFace, including 18 residents in the state of Maine. The forensic analysis ended on March 9.
But the revelations about the breach were not done. SuspectFile also subsequently pointed us to reporting by ComputerWeekly about how FatFace had wound up paying ransom to Conti threat actors.
Despite paying ransom, FatFace did offer mitigation services to those impacted.