It has been confirmed that the personal information of customers worldwide from luxury brands Balenciaga, Gucci, and Alexander McQueen has been leaked on a large scale. The number of affected individuals is estimated to be as high as 7.4 million.
According to a BBC report on the 15th (local time), Kering, the French luxury group that owns these brands, announced that it suffered a cyberattack in April, resulting in the theft of customer data. The stolen information included names, emails, phone numbers, addresses, and total purchase amounts.
This hacking incident has been attributed to a cybercriminal (or group) known as "Shiny Hunters." They claim to possess 7.4 million unique email addresses, and thousands of actual customer records were confirmed in samples provided to the BBC.
Notably, with total spending amounts also leaked, it was revealed that some customers spent over $10,000 (approximately 13.8 million won), with some spending as much as $86,000 (approximately 118 million won). As a result, there are growing concerns about secondary damages such as targeted hacking, phishing, and smishing against high-spending customers if the hacker distributes this data on the black market.
Kering Denies Ransom Negotiation Claims
In a Telegram interview with the BBC, the hacker claimed, "We breached Kering's systems in April and attempted a ransom negotiation in early June," but Kering denied this, stating, "We did not engage in any negotiations."
Kering explained, "In June, there was an external intrusion into the systems of some brands, and we confirmed that some customer information was leaked," adding, "Financial information such as credit cards, bank accounts, and government-issued IDs was not included." The company emphasized, "We conducted an emergency review of our IT security framework, and the system is now secure."
This incident is one of a recent series of hacking attacks targeting luxury brands. Cartier and Louis Vuitton have also notified customers of hacking incidents. Any connection between these cases and "Shiny Hunters" has not yet been established.
The United Kingdom’s National Cyber Security Centre (NCSC) recommends measures such as immediately changing passwords, enabling two-factor authentication, and not reusing the same password in the event of a personal information leak.
Meanwhile, South Korea has not been exempt from such hacking incidents. In the country, there have also been controversies over personal information leaks at Dior and Tiffany, both of which are part of the LVMH (Louis Vuitton Moet Hennessy) Group along with Louis Vuitton.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
