Luxury Leak Horror: Gucci, Balenciaga and McQueen Hacked in Cyber-Attack Exposing Millions of High-End Shoppers

A shocking cyber attack has rocked the world of high fashion. A recent security breach has exposed the personal details of millions of luxury shoppers who frequent iconic brands such as Gucci, Balenciaga and Alexander McQueen.

This massive leak has sent a chill through the industry, raising serious concerns about the safety of consumer data in the digital age.

The Shocking Details of the Breach

Millions of shoppers of luxury brands like Gucci, Balenciaga and Alexander McQueen may be at risk following a cyber attack on the companies. The French parent company of the brands, Kering, has verified the breach in a statement.

Without identifying the specific labels, the company stated that it discovered in June that 'an unauthorised third party gained temporary access to our systems and accessed limited customer data from some of our Houses.'

A BBC report states that the stolen customer data comprises names, email addresses, phone numbers, addresses and the total amount spent at the labels' stores. Kering, however, claims that no financial details, including credit card or bank account numbers, were compromised.

Who is Behind the Attack?

The cyber criminal, known as Shiny Hunters, alleges they have obtained information from 7.4 million unique email addresses, which implies a similar number of individuals have been affected.

To prove their claims, the BBC was given a small sample containing thousands of seemingly authentic customer details, which were subsequently deleted after being analysed. Among the stolen information is a 'Total Sales' field, which reveals the total sum a customer has spent with each brand.

The small sample reviewed by the BBC showed that some customers had spent over $10,000 (£7,330.60) in the stores, with a small number of them having spent between $30,000 (£21,991.80) and $86,000 (£63,043.15).

This is especially worrying for victims because the hacker could leak the information to other criminals, potentially leading to high-spending customers being targeted in future attacks and scams.

The cyber-criminal group, which appears to be operating independently, informed the BBC via a Telegram chat that they had infiltrated luxury brands in April by breaching Kering.

The Companies' Response

The hacker, who got in touch with the French firm in early June, alleges they were involved in intermittent ransom negotiations with the company, demanding payment in Bitcoin. Kering denies this, stating it has not communicated with the criminal and has refused to pay, in line with long-standing advice from law enforcement.

Kering stated that its brands immediately reported the breach to the appropriate authorities and informed customers as required by local regulations. However, the company declined to comment when Reuters asked which countries were impacted by the attack.

'In June, we identified that an unauthorised third party gained temporary access to our systems and accessed limited customer data from some of our Houses.'

'No financial information - such as bank account numbers, credit card information, or government-issued identification numbers - was involved in the incident', a Kering spokesperson said, adding it has since secured its IT systems.

A History of High-Fashion Hacks

A series of cyberattacks has been hitting luxury brands and retailers this year, and this incident seems to be part of that pattern. Security breaches have also been reported at Richemont's Cartier and some of LVMH's labels.

Hong Kong's privacy watchdog announced in July that it was looking into a data leak that impacted approximately 419,000 customers of LVMH's brand, Louis Vuitton.

What to Do if Your Data Was Stolen

When your data is stolen in a cyber-attack, it could include your name, address, date of birth and online purchase history. Criminals may use this information to appear legitimate and attempt to contact you while impersonating another organisation, such as a bank or a government agency.

It's vital to remain alert to any suspicious emails, messages, or phone calls. Be aware that scammers frequently try to pressure you into acting urgently.