- Kering customer data breach affected 7.4 million users across Gucci, Balenciaga, and Alexander McQueen
- High spenders, some over $80,000, may face targeted scams due to leaked personal and purchase data
- Kering denies ransom talks; confirms no financial data stolen and authorities have been notified
French luxury powerhouse, Kering, suffered a data breach recently, in which it lost sensitive information on millions of Balenciaga, Gucci and Alexander McQueen customers.
A group known as Shiny Hunters took responsibility for this attack.
This group is also responsible for breaches at Google, Adidas, Louis Vuitton, and many others - through the Salesforce account compromise that’s been filling up news websites lately.
Targeting high spenders
The group claims to have stolen 7.4 million unique email addresses, the BBC said in its report, hinting that the number of victims could be similar. The publication was given a sample of the stolen data, to confirm its authenticity, and said that among the stolen information are people’s names, email addresses, phone numbers, addresses, and the total amount spent in luxury stores around the world.
At the same time, Kering said financial and payment information was not stolen. The company stressed that relevant data protection and law enforcement agencies have been notified of the attack.
In its investigation, the BBC said that it saw customers who spent more than $10,000 in these stores, as well as those that spent up to $86,000.
“This information is particularly concerning for victims as it could lead to high spenders being targeted by secondary hacks and scams if the hacker decides to leak the information to other criminals,” it said.
ShinyHunters said the breach happened in April, and in the months following the attack has been negotiating with the company to delete the files in exchange for a bitcoin payment. Kering denied any communication with the attackers, much less any negotiation over a ransom.
"In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information - such as bank account numbers, credit card information, or government-issued identification numbers - was involved in the incident," a Kering spokesperson told the BBC.
Via BBC
You might also like
- Google says hackers stole some of its data following Salesforce breach
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
