Luxury conglomerate Kering, owner of brands like Gucci, Balenciaga, and Alexander McQueen, suffered a significant data breach in April, where hackers linked to the group Shiny Hunters stole personal information of millions of customers.

The breach involved the theft of personal details such as names, email addresses, phone numbers, addresses, and total spending amounts, but notably did not include financial data like credit card information.

Approximately 7.4 million email addresses were compromised, with some high-spenders having spent between $10,000 and $86,000, raising concerns about targeted scams against wealthy customers.

Kering confirmed the breach, notified authorities, and took immediate containment measures, including working with cybersecurity experts and advising customers to monitor accounts and change passwords, while stating that no payment data was affected.

The attack was carried out through phishing, with hackers gaining access via employee login credentials in April, and Kering did not pay the ransom demanded in Bitcoin after negotiations failed, with unauthorized access identified in June.

The company’s response underscores the importance of upgrading cybersecurity, especially as digital transformation accelerates in the luxury sector, with ongoing investigations emphasizing corporate accountability.

Shiny Hunters claims to have negotiated a Bitcoin ransom with Kering, which the company denies, asserting it refused to pay and has secured its systems.

This incident highlights broader vulnerabilities in luxury and retail sectors, where cyberattacks exploit extensive digital footprints and supply chain weaknesses, with recent breaches at brands like Cartier and Louis Vuitton.

Cybersecurity experts warn that stolen personal data can be used for identity theft, scams, and phishing, especially targeting high-net-worth individuals, emphasizing the need for vigilance and strong security practices.

The breach has serious implications for customer trust in luxury brands, with public and industry reactions stressing the severity of the privacy breach and its impact on consumer confidence.

The incident was first reported by the BBC, which identified the hackers as the notorious group ShinyHunters, and it follows a pattern of cyberattacks on similar luxury brands.

The breach underscores the increasing cyber threats faced by luxury brands amid digital expansion, prompting calls for enhanced security measures and stricter compliance with data protection laws like GDPR.

Customers are advised to change passwords, enable two-factor authentication, stay vigilant against phishing, and monitor financial accounts to protect themselves from potential fraud.