A threat actor has allegedly breached Frank & co., an Indonesia-based luxury jewelry brand, and is offering what they claim to be the company’s full customer database for sale on a dark web forum. Frank & co. is a prominent business-to-consumer (B2C) retailer known for its high-end jewelry, catering to a clientele that reportedly includes high-net-worth individuals primarily in the Southeast Asia region. The breach could have significant privacy implications for the company’s affluent customers.
The seller claims the database was extracted directly from the company’s live production environment and contains sensitive information on more than customers. In addition to the database dump, the threat actor also purports to have ongoing access to the company’s admin portal, which includes rights to edit information and reset account passwords. The compromised data allegedly includes a wide range of personally identifiable information.
The following data is allegedly included in the leak:
- Full Names
- Email Addresses
- Phone Numbers
- Physical Addresses
- Account creation and order timestamps
- Loyalty and wishlist metadata
