Luxury fashion brands Gucci and Alexander McQueen suffer data breach, compromising customer information.

Data breach linked to ShinyHunters suspected, affecting approximately 7.4 million distinct email addresses

In a worrying turn of events, luxury fashion brands Gucci, Alexander McQueen, and Balenciaga have experienced a significant data breach. The cyberattack, orchestrated by the hacker group known as ShinyHunters, was confirmed by Kering, the French-based holding company for all three brands.

The breach was initially discovered in June, when an unauthorized third party gained temporary access to Kering's system and accessed limited customer service data from its brands. The impacted data included details of individual customers' spending with the brands. However, no financial information such as bank account numbers, credit card information, or government-issued identification numbers was involved in the incident.

ShinyHunters claimed to have breached the luxury brands through Kering in April and contacted the firm in June to negotiate over a ransom payment. The group has reportedly compromised Salesforce customer instances using vishing techniques. A sample of files claimed to have been exfiltrated by ShinyHunters was shared with the BBC, which confirmed the presence of thousands of customer details that appear to be genuine.

The data breach is linked to the ShinyHunters gang, who have also reportedly compromised the data of luxury brands Dior, Adidas, Louis Vuitton, Cartier, Chanel, Pandora, and Victoria's Secret. The exposure of customer spending data from luxury brands could increase the risk of follow-on fraud, particularly if the information is sold on the dark web to other criminal actors.

Attackers are drawn to luxury brands because of their global recognition and the high-net-worth individuals in their customer bases. The personal details of customers from these luxury brands can be especially valuable to attackers.

The fact that Kering is only now announcing the breach could signal that more victims are still having their data processed by the group behind the scenes. A Trend Micro threat researcher warns that more victims may still be at risk.

At the time of writing, Infosecurity has reached out to Kering for comment but has not received a response. The ongoing investigation is a reminder of the importance of robust cybersecurity measures in the digital age, especially for companies handling sensitive customer service data.
