Customers of luxury brands like Balenciaga, Gucci, and Alexander McQueen have recently had their personal information stolen by cybercriminals. The parent company of these brands, Kering, revealed that hackers accessed customer details including names, email addresses, phone numbers, mailing addresses, and purchase amounts from stores around the world. Importantly, no financial data such as credit card numbers or bank details were taken.
The breach, which happened in April, was reported to data protection authorities and affected customers were notified via email. Kering did not reveal the exact number of people impacted. A hacking group called ShinyHunters has claimed responsibility. They told the BBC that they hold data linked to 7.4 million unique email addresses and shared some sample records that appeared genuine. Some of the victims had spent tens of thousands of dollars, raising concerns that these high-value clients might face targeted scams if the information leaks publicly.
ShinyHunters contacted Kering in June and demanded a ransom in Bitcoin. However, Kering refused to negotiate or pay the ransom, following recommendations from law enforcement. A Kering spokesperson confirmed the unauthorized access was temporary and limited to certain customer details, emphasizing that no sensitive financial or government-issued identification information was involved.
This attack is part of a recent surge in cyber intrusions targeting luxury retailers like Cartier and Louis Vuitton. However, it’s not clear if these incidents are connected. Security researchers from Google have linked the ShinyHunters group to phishing campaigns that trick employees into giving up login information to internal systems like Salesforce.
Experts warn that stolen personal details can be used by scammers pretending to be banks or government agencies. The UK’s National Cyber Security Centre advises people to watch out for suspicious messages, avoid urgent calls demanding personal information, and verify contacts through official numbers. They also recommend changing passwords, enabling two-factor authentication, and using unique logins made from random words.
If you shop with these brands, it’s a good time to be extra cautious and keep an eye out for any unusual activity in your accounts or emails.