Go to main content Skip to footer navigation

Dear Client,


We regret having to inform you that Moncler was recently hit by an extremely sophisticated cyber attack.


As soon as this unauthorized access was identified, the company adopted appropriate security measures aimed at minimizing its effects and identifying how it happened, and implemented corrective actions to best protect everyone’s interests, also enlisting the help of sector experts.

However, unfortunately, some personal and business data has been exfiltrated. This may also include your personal data in our possession with a consequent possible risk of identity theft and attempted fraud.

In any case, we wish to reassure you that no data relating to payment methods and instruments was involved.

The event was promptly reported to the police and the Italian Data Protection Authority.

We are profoundly sorry for what happened, even more so because in carrying out our business we pay the utmost attention to the confidentiality of our clients’ data.

As general good practice, even more so in circumstances of this kind, in order to minimize the chances of identity theft and attempted fraud we invite we advise you to be wary of communications from third parties appearing to know certain information about you, and not to use credentials (ID, passwords etc.) that are easily identifiable or inferable on the basis of your data.

We sincerely apologize for the inconvenience and inform you that, should you require any further information, you can consult the website www.moncler.com or contact our Client Service at client.service@moncler.com or our Data Protection Officer at the following address: dpo@moncler.com.



Warm regards,

Moncler



PRIVACY Q&As FOR CLIENTS


1. When did the cyber attack happen?

The cyber attack was identified and promptly handled on December 22nd.

Unfortunately, the extreme sophistication of the techniques implemented by the criminals made the reconstruction of the incident particularly complex and lengthy, also in reference to a possible compromise of data from clients, who were informed promptly as soon as the investigation confirmed the risk of a possible exfiltration of data.


2. How do I know if my personal data was also affected by the attack and, if so, which data? 

At the moment, what we can confirm is that there was an unauthorized access with possible exfiltration of some of your personal data including contact data and/or data relating to purchases made. We emphasize that the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


3. What does this notice mean for us? What do I have to do?

In cases such as these, notice is due in accordance with the provisions of the legislation for the protection of personal data and is aimed at informing the subjects concerned of the consequences of the cyber attack.

In addition, through this notice, we advise you to be wary of communications from third parties appearing to know certain information about you, and not to use credentials (ID and passwords) that are easily identifiable on the basis of the data you provided at the time of registration.


4. What does data breach mean exactly?

A 'data breach' is an IT incident involving personal data that could have an impact on data subjects. In this case, it involved the unauthorized access of third parties to the company’s IT systems and could have caused the exfiltration of some of your personal data including contact data and/or data relating to purchases made.

We emphasize that the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


5. Do I have to officially notify any authorities?

No, Moncler is required to do so. Moncler has already promptly reported the event to the Italian Data Protection Authority and reported it to the police. In line with general best practices, if you should ever realize that you are the victim of a crime (such as identity theft and/or fraud), we suggest that you report it to the competent authorities.


6. Have credit card details been taken? Should I block my credit card or other payment methods?

No, the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


7. Should I contact my bank’s security or fraud prevention department?

No, the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


8. Do I need to change my identity documents, e-mail and phone number?

No, in our opinion this is not necessary. We do, however, advise you to be wary of communications from third parties appearing to know certain information about you, and not to use credentials (ID and passwords) that are easily identifiable on the basis of your data.


9. How can I buy a garment from you safely?

You can buy our garments safely both in stores and on the website, as the systems have been sanitized.

In any case, the company is tightening its security measures further.


10. Do I need to change all my passwords?

As a good general rule when it comes to security, even more so in the case of cyber attacks, we advise you never to use passwords that are easily identifiable on the basis of personal information. If that is your case, we suggest that you update them.


11. Even if I only made my purchase in store (and not online) am I still at risk?

It is irrelevant where you made the purchase. We advise you to be wary of communications from third parties appearing to know certain information about you and not to use passwords that are easily identifiable on the basis of the data provided for registration.


12. Should I uninstall and re-install your Moncler app from my mobile?

No, uninstalling and reinstalling is not required and does not add additional security. If anything, we recommend that you change your login password for the Moncler app if it can be identified on the basis of your data.


13. Can I remove my data from your systems?

You can withdraw your consent to the processing of your personal data and close your account on the site at any time, except for certain data which will be kept for legal purposes, by writing to Client Service by selecting the topic “privacy” in the appropriate form in the “Contact Us” section of the website. 


14. Am I at risk if my data remains on your systems?

No, the systems have been sanitized and we are further strengthening our security measures.