THE personal details of the Duchess of York, Jeremy Clarkson and Sir David Attenborough have been leaked by Russian criminals who hacked into the database of luxury food firm Daylesford, The Mail on Sunday can reveal.

The King’s cousin Lady Sarah Chatto, Tim Henman and snooker star Ronnie O’Sullivan are among the other celebrity clients whose details have been posted on the so-called dark web – a hidden part of the internet used by criminals.

Last night, experts warned the hack was ‘a wake-up call’ amid growing concern about Kremlin cyber attacks on Britain.

The leak came after the society firm refused the hackers’ demand for a hefty ransom payment in the cryptocurrency Bitcoin.

After the failed blackmail attempt, the gang – known as ‘Snatch Team’ – posted personal details and courier delivery notes showing the home addresses of clients.

Daylesford Organic is owned by Lady Carole Bamford, wife of Tory billionaire donor and JCB construction owner Lord Bamford, and named after the Cotswolds village where they live.

The firm is reported to have delivered food to Boris Johnson during lockdown, but the former PM is not among the clients whose details were leaked.

Daylesford announced it had been hacked in June 2021, but said no personal information had been compromised.

But since then the hackers have uploaded a vast cache of stolen files

‘This attack should be a wake-up call’

measuring an enormous 80 gigabytes to the dark web.

Among the leaked Daylesford files are order sheets for wealthy clients, receipts for purchases by Lord and Lady Bamford and sensitive data including staff grievances, confidentiality agreements, and banking information.

As well as a farm shop on the Gloucestershire estate of the Bamfords – Daylesford House – the firm also has four shops in London and an online store.

Experts said hackers probably used a computer virus known as ransomware hidden in an email attachment to get into the firm’s computer systems. Snatch Team all appear to be Russian speakers, according to a 2019 report by the security firm Sophos. They hacked McDonald’s on February 24 this year – the day Russia invaded Ukraine.

Last night, Philip Ingram, a former colonel in British military intelligence, said: ‘This cyber attack should be a wake-up call for the security services and businesses. Daylesford is exactly the kind of company that would be viewed by Russia-based hackers as both a lucrative ransomware opportunity and of potential use to power brokers in the Kremlin.’ Analysts warn that global cyber attacks have increased by 32 per cent in the past year. Security firm Acronis said ransomware attacks were the biggest threat to businesses and governments, and warned that damages could exceed £26billion by the end of the year. Firms face millions of attempts on their computer systems every day.

UK intelligence services have warned of increased risk from Russian hackers due to the war in Ukraine. The National Cyber Security Centre said the ‘cyber threat to the UK remains heightened’.

The Information Commissioner’s Office said: ‘Daylesford Organic made us aware of an incident. After reviewing the information, we gave data protection advice and closed the case.’ Daylesford did not respond to a request for comment.