The threat group MAZE claims to have carried out a cyber-attack on a mergers and acquisitions firm whose client list includes former Spice Girl and fashion designer Victoria Beckham.
MAZE maintains that it has encrypted and exfiltrated data from New York company Threadstone Advisors using ransomware.
Threadstone is an independent advisory firm based on Madison Avenue that specializes in the consumer and retail sectors. The company worked with Beckham to facilitate a minority investment by NEO investment partners.
Other clients of the M&A firm include Charles S. Cohen, Pittsburgh Brewing Co., Harrys of London, and Xcel Brands.
Notice of the alleged assault was posted on the cyber-criminals’ blog within the past 24 hours, along with the phone number and email address of Threadstone's managing director, Joshua Goldberg.
Proof of the attack in the form of files containing Threadstone's data has not been made available by MAZE. However, the threat group claims on their blog that such evidence is "coming soon."
No information has been shared as to how much of Threadstone's data MAZE claims to have accessed or how much the group is demanding as a ransom payment.
Infosecurity Magazine contacted Goldberg to confirm the alleged attack but had not received a response at time of publication.
Commenting on the possible cyber-crime, Emsisoft's Brett Callow said: "For companies that hold sensitive information about its clients, data theft is a nightmare scenario."
Callow said that this particular type of cyber-attack placed companies in an impossible situation.
"Whether the ransom is paid or not, their information is in the possession of cyber-criminals and may be made publicly available and/or sold or traded with other criminal enterprises," said Callow.
"At best, a company will receive a pinky promise that the stolen data will be deleted and not misused—but as that pinky promise is being made by criminal scumbags, it carries very little weight. No weight at all, in fact."
Previous victims of MAZE include IT services firms Cognizant and Conduent. Cognizant admitted that its run-in with the MAZE group in April 2020 could end up costing the firm $70m.