Millions of Customer Records Stolen in Cyberattack on Gucci, Balenciaga, and Alexander McQueen

Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen.

The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7.4 million unique email addresses.

Potentially millions of customers around the world may now be at risk after names, email addresses, phone numbers, postal addresses, and total spend data were accessed.

Kering says it notified relevant data protection regulators and directly emailed those affected, though it declined to disclose the exact number of impacted customers.

Scope of the Stolen Data

Investigations reveal that no payment card information or other sensitive financial details were compromised. Instead, the attacker obtained customer profiles showing how much each person spent at the luxury stores.

A small sample shared with the BBC contained thousands of records that seemed authentic. Among those, some individuals had spent more than $10,000, and a few high rollers had totals between $30,000 and $86,000.

This “Total Sales” information heightens concerns that wealthy customers could become prime targets for follow-on attacks or phishing scams if the data is sold or leaked further.

Shiny Hunters claims to have infiltrated Kering’s systems back in April. They reached out to Kering in June, proposing ransom talks in Bitcoin an olive branch the company says it never accepted.

Kering insists no such negotiations took place and that it followed law enforcement advice by refusing to pay.

“In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses,” a company spokesperson said, emphasizing that all IT systems have now been secured.

The Kering breach comes amid a wider wave of cyberattacks targeting luxury goods companies. Cartier and Louis Vuitton also disclosed breaches earlier this year, though it remains unclear whether those incidents are connected to Shiny Hunters.

Google’s cybersecurity experts warn that Shiny Hunters also dubbed UNC6040 has been exploiting employee access to internal Salesforce platforms by tricking staff into revealing login credentials.

Google itself fell victim to a similar attack, underlining how even leading tech firms are vulnerable to these tactics.

Customers whose information may have been exposed should remain vigilant. Personal details like names, addresses, and order histories can be used by scammers posing as banks or government agencies.

The UK’s National Cyber Security Centre advises changing passwords, enabling two-factor authentication, and using passphrases made of three random words. Most importantly, never reuse passwords across accounts.

If you receive an unexpected call claiming to be from your bank, hang up and dial the official number listed on your card or bank statement. Remaining alert and following basic security hygiene can help mitigate the fallout of such high-profile data breaches.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.