Bags of info stolen from multiple top luxury brands - double check your data now

News
By published

Shiny Hunters are back to targeting luxury brands

Password recovery concept image showing man typing on a keyboard with an overlay imitating password recovery and data recovery principles
(Image credit: Shutterstock)
  • Kering customer data breach affected 7.4 million users across Gucci, Balenciaga, and Alexander McQueen
  • High spenders, some over $80,000, may face targeted scams due to leaked personal and purchase data
  • Kering denies ransom talks; confirms no financial data stolen and authorities have been notified

French luxury powerhouse, Kering, suffered a data breach recently, in which it lost sensitive information on millions of Balenciaga, Gucci and Alexander McQueen customers.

A group known as Shiny Hunters took responsibility for this attack.

This group is also responsible for breaches at Google, Adidas, Louis Vuitton, and many others - through the Salesforce account compromise that’s been filling up news websites lately.

Targeting high spenders

The group claims to have stolen 7.4 million unique email addresses, the BBC said in its report, hinting that the number of victims could be similar. The publication was given a sample of the stolen data, to confirm its authenticity, and said that among the stolen information are people’s names, email addresses, phone numbers, addresses, and the total amount spent in luxury stores around the world.

At the same time, Kering said financial and payment information was not stolen. The company stressed that relevant data protection and law enforcement agencies have been notified of the attack.

In its investigation, the BBC said that it saw customers who spent more than $10,000 in these stores, as well as those that spent up to $86,000.

“This information is particularly concerning for victims as it could lead to high spenders being targeted by secondary hacks and scams if the hacker decides to leak the information to other criminals,” it said.

ShinyHunters said the breach happened in April, and in the months following the attack has been negotiating with the company to delete the files in exchange for a bitcoin payment. Kering denied any communication with the attackers, much less any negotiation over a ransom.

"In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information - such as bank account numbers, credit card information, or government-issued identification numbers - was involved in the incident," a Kering spokesperson told the BBC.

Via BBC

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.