Gucci, Balenciaga, and Alexander McQueen hit by massive data breach
What's the story
A major data breach has hit luxury fashion brands Gucci, Balenciaga, and Alexander McQueen. Cybercriminals have stolen sensitive information of their customers in the attack. The compromised data includes personal details such as names, email addresses, phone numbers and physical addresses. It also contains purchase history from the luxury brands across the globe.
Company response
Kering confirms breach
Kering, the parent firm of Gucci, Balenciaga and Alexander McQueen, has confirmed the data breach. The firm has notified relevant data protection authorities about the incident. However, it clarified that no financial information such as card details were stolen in the attack. Kering also said it has informed affected customers via email but hasn't disclosed how many were impacted.
Hacker's claim
Hackers claim to have data linked to 7.4M unique emails
The cybercriminal group behind the attack, known as Shiny Hunters, claims to have data linked to 7.4 million unique email addresses. This indicates that the number of individual victims might be similar. A small sample shared with the BBC as proof contained thousands of customer details which appear to be genuine. The stolen data also includes the "Total Sales," revealing how much money a person has spent with each brand.
Security concerns
High spenders may become targets for cybercriminals
The inclusion of "Total Sales" in the stolen data is particularly worrying for victims. This could make high spenders vulnerable to targeted attacks and scams if the hacker decides to share this information with other criminals. Shiny Hunters claims they breached the luxury brands through Kering in April and have been negotiating a Bitcoin ransom since June. However, Kering has refused to pay the hacker as per law enforcement advice.
Attack trend
Shiny Hunters previously targeted Google
The latest data breach came amid a spate of attacks on luxury brands such as Cartier and Louis Vuitton. It is unclear if these attacks are connected to Shiny Hunters. In June, Google cybersecurity experts warned about a trend of attacks linked to Shiny Hunters, which also targeted the tech giant.