We would like to inform you that the CHRIST Group (Christ Juweliere und Uhrmacher seit 1863 GmbH, Valmano GmbH, NXT LVL GmbH) has been the victim of a targeted criminal cyber attack and to provide you with a current status.

No restrictions in the availability of our business operations

Thanks to our comprehensive security measures, the attack was detected at an early stage and immediately contained, thereby preventing the encryption of IT systems. Our online shops have been and remain fully operational, placing orders and delivering them is securely possible. In addition, our stores continue to operate without major restrictions. We are able to receive and deliver goods, and all contact persons are available as usual via e-mail and telephone.

Incident analysis by IT specialists & cooperation with authorities

Immediately upon detecting the incident, we engaged several external specialists in cyber incident response and IT forensics to analyse the scope of the attack. All responsible authorities were informed, and we are in close contact with them: We reported the incident on schedule to the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia and also filed a criminal complaint with the State Criminal Police Office of North Rhine-Westphalia.

Status of data security

According to the current findings from the IT forensic analyses, the attackers accessed personal data and extracted part of it. There is also the theoretical risk that the attackers may have viewed these data and that they may have become known to unauthorised third parties.

Passwords, credit card details or other data relating to payments are not affected.

Potentially affected may be customer numbers, personal data such as name and contact details (e.g. address data), as well as information which could be relevant to entering into a contract and placing orders (e.g. purchase history, declarations of consent). We deeply regret this incident and wish to provide you with some important guidance on how to protect yourself in general, but especially in this situation.

In general, please be cautious when using the internet: remain vigilant when opening e-mail attachments, clicking on links, downloading files, and in response to any suspicious activities (e.g. e-mails, telephone calls, text messages, social media requests).

Please note that CHRIST will never contact you directly to request sensitive data such as credit card details, bank account information or passwords.

For general information about the risks of data misuse, the German Federal Office for Information Security (BSI) provides further information, guidance and advice on this subject:

Data leaks and doxing

Human security factor

Enhancing protective measures

Unfortunately, in the field of IT, complete and total security is not possible. Nevertheless, we prepared ourselves for possible cyber attacks in the past, e.g. by conducting penetration tests of our critical systems on a regular basis, by training our employees in IT security, through the comprehensive use of multi-factor authentication as well as further technical and organisational protective measures. In light of the incident, we are currently conducting close monitoring and reviews of our networks and systems as a proactive security measure, alongside the ongoing in-depth forensic investigations. In addition to the already implemented short-term measures, we will derive and implement further medium- and long-term improvements to our security arrangements in order to enhance existing safeguards and further harden our systems.

Frequently Asked Questions (FAQ):

What happened?

The CHRIST Group (Christ Juweliere und Uhrmacher seit 1863 GmbH, Valmano GmbH, NXT LVL GmbH) has been the victim of a targeted criminal cyber attack where unauthorized third parties gained access to data.

Which data are effected?

Passwords, credit card details or other data relating to payments are not affected.

Potentially affected may be customer numbers, personal data such as name and contact details (e.g. address data), as well as information which could be relevant to entering into a contract and placing orders (e.g. purchase history, declarations of consent).

What did CHRIST do?

Immediately upon detecting the incident, we informed all relevant authorities and we engaged several external specialists in cyber incident response and IT forensics to analyse the type and extent of the attack.

What can I do now?

In general, please be cautious when using the internet: remain vigilant when opening e-mail attachments, clicking on links, downloading files, and in response to any suspicious activities (e.g. e-mails, telephone calls, text messages, social media requests).

An wen kann ich mich wenden?

For more specific questions on this matter, please contact datenschutzbeauftragter@christ.de

 

With more than 160 years of tradition, we will overcome this challenge as well: We continue to make consistent investments in our technical security, reflecting our commitment to act with innovation and a forward-looking approach at all times. CHRIST stands for first-class quality and excellent service – values that we will continue to uphold in the future as well.

With this commitment, sincerely,

Your Team at CHRIST Juweliere und Uhrmacher