Russian criminals hacked into the database of the luxury food company Daylesford Organic.
Clients including Jeremy Clarkson, Sir David Attenborough, Tim Henman, the Duchess of York, the snooker player Ronnie O’Sullivan and Lady Sarah Chatto, the King’s cousin, had their details, including home addresses, posted on the so-called dark web – a hidden part of the internet used by criminals.
The company is owned by Lady Bamford, wife of Lord Bamford, the Conservative donor and the owner of JCB, the construction equipment group.
READ ALSO: Man punched and kicked during robbery in Oxford
The Bamfords hosted the wedding party for Boris and Carrie Johnson in the summer.
The company reportedly provided food hampers to the couple in Downing Street during the pandemic but the former PM is not among the clients whose details were leaked.
The hackers crippled its IT systems and demanded a hefty ransom in cryptocurrency Bitcoin to unlock it.
The leak came after the society firm, which employs over 500 people across the Cotswolds business and four London sites, refused to pay it.
After the failed blackmail attempt, the gang – known as ‘Snatch Team’ – posted personal details and courier delivery notes showing the home addresses of clients.
Experts said the hackers probably used a type of computer virus known as ransomware hidden in an email attachment to get into the computer systems.
Snatch Team all appear to be Russian speakers, according to a 2019 report by the security firm Sophos.
READ ALSO: Scales of Justice - results from Oxford Magistrates Court
They hacked McDonald’s on February 24 this year – the day Russia invaded Ukraine.
Last night, Philip Ingram, a former colonel in British military intelligence, told the Mail on Sunday: "This cyber attack should be a wake-up call for the security services and businesses.
"Daylesford is exactly the kind of company that would be viewed by Russia-based hackers as both a lucrative ransomware opportunity and of potential use to power brokers in the Kremlin."
The Information Commissioner’s Office added: "Daylesford Organic made us aware of an incident. After reviewing the information, we gave data protection advice and closed the case."
A spokesperson confirmed: "Daylesford Organic was the victim of a cyberattack back in June 2021.
"It was reported to, and thoroughly investigated by, the ICO at the time and there has been no further incident since.
"Daylesford Organic takes customer data protection very seriously and additional security measures were put in place to defend the business following the 2021 attack."
A message from our Editor
Thank you for reading this story and supporting the Oxford Mail.
If you like what we do please consider getting a subscription for the Oxford Mail and in return we’ll give you unrestricted access with less adverts across our website from the latest news, investigations, features, and sport.
Follow us on Facebook, Twitter, Instagram and Tik Tok for more.
You can also join the conversation in our Facebook groups: stay ahead of traffic alerts here, keep up to date with the latest from court here, share your favourite memories of Oxford here, get your daily dose of celebrity news here and take some time out with news that will make you smile.
If you’ve got a story for our reporters, send us your news here. You can also list an event for free here.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here