Kering, the luxury conglomerate behind iconic fashion houses including Gucci, Balenciaga, Alexander McQueen, and Yves Saint Laurent, officially confirmed a significant data breach on Monday. The security incident resulted in the unauthorized access and theft of sensitive customer information across its global subsidiary network.
Scope of the Stolen Data
According to reports, hackers successfully exfiltrated a broad range of personal identifiable information (PII). The compromised data includes customer names, email addresses, phone numbers, and physical home addresses. Furthermore, the breach exposed internal records detailing the total historical spending of customers across Kering’s retail locations worldwide.
The company has initiated direct contact with the affected individuals to notify them of the exposure. However, Kering has remained tight-lipped regarding the specific number of customers impacted by the security failure.
ShinyHunters Linked to the Attack
The notorious cybercriminal group ShinyHunters has claimed responsibility for the intrusion. While the group alleges that at least 7 million records were compromised, industry analysts and outlets like DataBreaches.net suggest the actual scale of the breach is likely significantly larger.
This incident follows a pattern of high-profile attacks attributed to the same group. ShinyHunters has recently focused on exploiting vulnerabilities in cloud-based databases, specifically those hosted by Salesforce. This campaign has impacted several major global entities, including Google, Allianz Life, Qantas, and Workday, highlighting a systemic risk in cloud infrastructure security.
Investigation and Response
The breach was first brought to public attention by the BBC. Kering has confirmed that it is currently managing the fallout of the incident, though it has explicitly stated that no negotiations or conversations have taken place with the threat actors involved.