A directory featuring the personal and contact details of 4,736 employees, 1,433 former employees and 1,088 contractors was compromised.

The attack also unearthed some contracts and accounting data relating to the firm’s US subsidiary, Campari America LLC.

Campari Group also believes that personal and business data of 10,000 active customers and 8,500 active suppliers could have been compromised, along with confidential documents such as contracts, payment details, analysis, presentations and accounting.

It also fears that details of employees’ job descriptions, payment details, compensation and performance evaluations may have been stolen, plus CVs of former candidates and contact details of journalists.

Campari Group does not systematically hold personal credit card or other payments information or credential or any other kind of personal password.

There is no indication that Campari Group websites have been accessed. All business passwords to access Campari Group network were encrypted.

Campari Group has kept informed its employees and stakeholders and has offered identity theft support where customary. 

The firm provided some simple security advice: 

• Do not respond to suspicious requests or messages (especially in relation to payments – such as change of payment details, or request for password or bank account information); 
• Do not open any link unless you are absolutely sure it comes from a reliable source. 

Individuals that wish to inquire about personal information that has potentially been compromised or need support should contact Daniele di Maiuta, the firm’s group data protection officer: gpdp.office@campari.com.