New Delhi: Luxury fashion giant Kering has confirmed that it had a significant data breach involving customers of its flagship brands, and that includes Gucci, Balenciaga and Alexander McQueen. In the attack that was revealed in June, the Paris-based group said that hackers gained access to the information of possibly millions of people. Names, phone numbers, email addresses and dates of birth were exposed, but no money-related information like bank details or identification numbers was stolen.
Shiny Hunters is a credible ransomware group that has recently released examples of stolen data on Telegram, a group associated with this attack. Reports indicate that the data leaked was of customer spending, where some of them were reported to have spent up to $86,000 at stores. Kering explained that it had hastened to report the matter to authorities, as well as to other customers who were affected, enhancing its systems to ensure further occurrences do not occur.
Ransom group behind breach
The breach was declared by Shiny Hunters, which targeted international corporations in the past. The group informed the BBC that it had accessed the systems at Kering as early as April, two months before Kering had detected abnormal activity. According to security experts, the hackers are now moving towards luxury and retail brands where the high-net-worth clients are offering profitable data.
Rising wave of cyber attacks
The hack contributes to an ever-increasing number of cyberattacks that target large consumer enterprises. Louis Vuitton also announced that it had been a victim of a customer data breach in July. The Co-op and Harrods, M&S companies, are also based in the UK and have been subject to similar cases. Outside of the retail industry, the automotive market is not doing well: Jaguar Land Rover has kept its factories closed after a cyberattack that disabled its computer systems.
Kering announced that the attack was contained in a short time and showed that no payment or government ID information was stolen. Nevertheless, analysts caution that the personal information that is left uncovered may continue to be used to create phishing and identity theft in regard to the impacted customers.