Cyber criminals have reportedly compromised the personal information of customers of luxury brands Balenciaga, Gucci, and Alexander McQueen. The stolen data includes names, email addresses, phone numbers, physical addresses, and spending totals for purchases made at these stores globally. Kering, the parent company of these brands, has verified the breach and informed the appropriate data protection authorities, noting that no financial information, such as credit card details, was among the stolen data.
While Kering has communicated with affected customers, it has not publicly disclosed the number of individuals impacted, adhering to legal obligations that allow private notifications without mandatory public announcements. The group claiming responsibility for the breach identifies itself as Shiny Hunters and alleges that it holds data related to approximately 7.4 million unique email addresses, a figure that suggests the potential size of the victim pool. A limited sample shared with the BBC contained legitimate customer details, raising concerns about possible exploitation of high-spending individuals for future scams.
Shiny Hunters indicated they infiltrated Kering’s systems in April and purportedly engaged in negotiations for a ransom in Bitcoin—a claim Kering has denied, stating it has refrained from any such negotiations as per law enforcement advice. A spokesperson for Kering confirmed the unauthorized access and emphasized that sensitive financial data was not compromised, adding that the company has since improved its IT security measures.
This breach coincided with a series of attacks on luxury brands, including Cartier and Louis Vuitton, raising questions about potential connections between these incidents. Cybersecurity experts at Google have linked Shiny Hunters to a pattern of attacks and noted that the group has previously engaged in social engineering tactics to compromise confidential information.
Individuals concerned about the security of their information are advised to remain vigilant against potential scams, verify the legitimacy of communications, and implement stronger cybersecurity measures, such as two-factor authentication and unique passwords.
Source: https://www.bbc.com/news/articles/crl5j8ld615o?at_medium=RSS&at_campaign=rss

