Thought Leadership
Cyber criminals have stolen personal information from customers of luxury brands Gucci, Balenciaga and Alexander McQueen. The parent company Kering confirms the incident and speaks of “limited” customer data.
In a cyber attack on the French luxury goods group Kering, customer data records for the Gucci, Balenciaga and Alexander McQueen brands have been compromised. According to the company, attackers gained unauthorized access to internal systems in April and captured names, email addresses, telephone numbers, home addresses and information on customer spending in boutiques worldwide.
Scope of the data theft still unclear
The hacker group “Shiny Hunters” claims responsibility for the attack and claims to have captured records of 7.4 million email addresses. A sample analyzed by the BBC contained thousands of authentic-looking customer records before they were deleted. The stolen data also contained information on the total spending of individual customers. Some of these are in the five to six-figure range.
Kering assures that no financial information such as credit card data or bank details were affected. The company has informed the relevant data protection authorities and notified affected customers by email, but did not provide details of the exact number of people affected.
Ransom demand in Bitcoin
According to the company, the hacker group contacted Kering at the beginning of June and demanded a ransom in Bitcoin. However, the company denies any negotiations with the cybercriminals and is thus following the recommendation of law enforcement authorities not to respond to ransom demands.
“In June, we discovered that an unauthorized third party had gained temporary access to our systems and viewed limited customer data from some of our brands,” explained a Kering spokesperson. The IT systems have since been secured.
Wave of attacks on the luxury sector
The attack is part of a wave of cyber attacks on luxury brands. Security incidents at Louis Vuitton and Chanel have also recently come to light
Those affected should exercise caution with suspicious emails, but also with messages or phone calls. As the stolen information could be misused for targeted fraud attempts, passwords should be changed and two-factor authentication activated if possible.
