Share
Cyber criminals have reportedly stolen the private data of millions of customers of luxury brands Gucci, Balenciaga and Alexander McQueen in a significant breach.
The attack, which targeted parent company Kering, has compromised sensitive information, including customer names, email addresses, phone numbers and home addresses.
A particularly concerning detail is the “Total Sales” figure, which reveals how much money each customer has spent at the luxury stores, with some victims having spent tens of thousands of dollars.
The hacker, operating under the name Shiny Hunters, claims to have stolen data linked to 7.4 million unique email addresses. A small sample of the data shared with the BBC appeared genuine and showed that some high-spending customers had spent over $10,000, with a handful having spent as much as $86,000.
This information is a major concern as it could make these high-value customers prime targets for future scams or secondary hacks.
Kering has confirmed the breach, which occurred in April, and stated that it has already notified the relevant data protection authorities. The company confirmed that no financial information, such as credit card details, was compromised during the incident.
A spokesperson for Kering stated: “In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses.”
Shiny Hunters told the BBC that they breached the company through Kering and were in negotiations for a ransom to be paid in Bitcoin, a claim that Kering denies. The company maintains that it has refused to pay the ransom in line with law enforcement advice.
This breach is part of a wave of recent attacks on luxury brands, which also saw Cartier and Louis Vuitton disclose data breaches to their customers. It is not known if these other attacks are linked to Shiny Hunters.
Becky White, Senior Solicitor in Harper James’ Data Protection team, warns that the exposure of names, contact details, and purchasing history could still put customers at risk:
“The Kering data breach is just one example in a spate of recent cyber attacks on the retail sector, which has been heavily targeted by cyber criminals. This rise may be attributed to the sector’s handling of vast amounts of valuable personal data and its complex supply chains, a situation further amplified by the rapid growth of online shopping and mobile apps, particularly since the COVID-19 pandemic.
“The Kering data breach is certainly another wake-up call for any business that processes customer personal data. Although sensitive information such as payment card details or government IDs were not taken, the exposure of names, contact information and purchasing history still potentially poses a high risk to the impacted individuals”
“Often businesses focus their security measures on the obvious risks, like credit card numbers and banking details, and underestimate the value of other information that is stored on a CRM system, such as a customer’s purchase history, preferences, loyalty scheme activity and contact history.”
For customers concerned that their information may have been stolen, cybersecurity experts advise staying vigilant for suspicious emails, messages, or phone calls. It is recommended to change your passwords and use two-factor authentication where possible. The National Cyber Security Centre suggests creating passwords made of three random words for increased security.
Related Posts
Discover more from Tech Digest
Subscribe to get the latest posts sent to your email.
