U.S. prosecutors have linked a suspected Scattered Spider hacker to a significant data breach at a luxury jewelry retailer, utilizing a unique persistent Windows device ID as a crucial piece of evidence. This connection was revealed in a recently unsealed federal complaint detailing how the attackers maintained access to the retailer’s network during a May 2025 intrusion.
Microsoft records connected the specific device ID to the account used by the attackers for sustained access, and subsequently to online accounts allegedly belonging to 19-year-old Peter Stokes, a dual U.S.-Estonian citizen. Stokes, also known online as “Bouquet,” faces charges including conspiracy, computer intrusion, and fraud. He was extradited from Finland and made his initial court appearance in Chicago on June 30. He is presumed innocent until proven guilty in a court of law.
How the Luxury Retailer’s Data Breach Unfolded
The sophisticated intrusion campaign against the luxury jewelry retailer began between May 12 and May 15, 2025. Attackers reportedly contacted the company’s IT help desk using Google Voice numbers, imperson

