After the high-profile cyberattack on the Tata Group-owned Jaguar Land Rover, two luxury fashion brands have been the victims of the latest attacks. The French conglomerate Kering, which owns Gucci and Balenciaga, has confirmed a cyberattack that affected the database of its customers, affecting nearly 7.4 million customers globally.
The cybercriminals, identified as the notorious ShinyHunters group, managed to access a treasure trove of personal information from the database of these luxury fashion brands. Kering says that the stolen data includes customer names, email addresses, phone numbers, home addresses, and, most importantly, detailed spending records.
Gucci, Balenciaga databases hacked
Based on the information from Kering, some of the compromised records reportedly show individual purchase amounts ranging from thousands to over $80,000. This highly sensitive information could make high-spending customers (the usual target group of these brands) prime targets for sophisticated scams and social engineering attacks.
Kering also stated that no financial information, such as credit card details or bank account numbers, was compromised in the incident. The company, which is based in Paris, has notified all affected customers and relevant data protection authorities across various countries.
The ShinyHunters group, which has been communicating through an encrypted messaging app, claimed responsibility for the attack. It was alleged that Kering was asked to pay the ransom in Bitcoin – a demand which the company has since refused to pay after following the guidance of law enforcement. Soon after, the group of hackers claimed the data and all other information.
Gucci, Balenciaga not the only luxury brands to be hacked
Prior to this, Jaguar Land Rover (JLR) confirmed having been hit by a major cyberattack that caused severe disruptions to its global operations. The incident, which was first detected at the end of August, forced the company to shut down its IT systems and halt production at factories in the UK and overseas. A group of hackers called “Scattered Lapsus$ Hunters” has claimed responsibility for the breach. The attack has not only halted manufacturing, causing a reported loss of over 1,000 cars a day and millions in revenue, but also created significant chaos in JLR’s supply chain.
