Go to main content Skip to footer navigation

faq

PRIVACY NOTICE

Back
1. When did the cyber attack happen?
The cyber attack was identified and promptly handled on December 22nd.
Unfortunately, the extreme sophistication of the techniques implemented by the criminals made the reconstruction of the incident particularly complex and lengthy, also in reference to a possible compromise of data from clients, who were informed promptly as soon as the investigation confirmed the risk of a possible exfiltration of data.


2. How do I know if my personal data was also affected by the attack and, if so, which data?
At the moment, what we can confirm is that there was an unauthorized access with possible exfiltration of some of your personal data including contact data and/or data relating to purchases made. We emphasize that the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


3. What does this notice mean for us? What do I have to do?
In cases such as these, notice is due in accordance with the provisions of the legislation for the protection of personal data and is aimed at informing the subjects concerned of the consequences of the cyber attack.
In addition, through this notice, we advise you to be wary of communications from third parties appearing to know certain information about you, and not to use credentials (ID and passwords) that are easily identifiable on the basis of the data you provided at the time of registration.


4. What does data breach mean exactly?
A 'data breach' is an IT incident involving personal data that could have an impact on data subjects. In this case, it involved the unauthorized access of third parties to the company’s IT systems and could have caused the exfiltration of some of your personal data including contact data and/or data relating to purchases made.
We emphasize that the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


5. Do I have to officially notify any authorities?
No, Moncler is required to do so. Moncler has already promptly reported the event to the Italian Data Protection Authority and reported it to the police. In line with general best practices, if you should ever realize that you are the victim of a crime (such as identity theft and/or fraud), we suggest that you report it to the competent authorities.


6. Have credit card details been taken? Should I block my credit card or other payment methods?
No, the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


7. Should I contact my bank’s security or fraud prevention department?
No, the data relating to payment methods (IBAN, credit cards or other) and/or identity documents (identity card, passport or other) is not saved in our systems and therefore has not been subject to exfiltration.


8. Do I need to change my identity documents, e-mail and phone number?
No, in our opinion this is not necessary. We do, however, advise you to be wary of communications from third parties appearing to know certain information about you, and not to use credentials (ID and passwords) that are easily identifiable on the basis of your data.


9. How can I buy a garment from you safely?
You can buy our garments safely both in stores and on the website, as the systems have been sanitized.
In any case, the company is tightening its security measures further.


10. Do I need to change all my passwords?
As a good general rule when it comes to security, even more so in the case of cyber attacks, we advise you never to use passwords that are easily identifiable on the basis of personal information. If that is your case, we suggest that you update them.


11. Even if I only made my purchase in store (and not online) am I still at risk?
It is irrelevant where you made the purchase. We advise you to be wary of communications from third parties appearing to know certain information about you and not to use passwords that are easily identifiable on the basis of the data provided for registration.


12. Should I uninstall and re-install your Moncler app from my mobile?
No, uninstalling and reinstalling is not required and does not add additional security. If anything, we recommend that you change your login password for the Moncler app if it can be identified on the basis of your data.


13. Can I remove my data from your systems?
You can withdraw your consent to the processing of your personal data and close your account on the site at any time, except for certain data which will be kept for legal purposes, by calling the Client Service on the freephone number 00 800 10204000 from Monday to Friday, from 10 am to 7 pm CEST (excluding Sundays and public holidays), or by writing to Client Service by selecting the topic “privacy” in the appropriate form in the “Contact Us” section of the website.


14. Am I at risk if my data remains on your systems?
No, the systems have been sanitized and we are further strengthening our security measures.