Gucci, Balenciaga and Alexander McQueen Private Data Ransomed by Hackers

Cyber criminals have struck again, this time targeting some of the world's most prestigious luxury brands. Gucci, Balenciaga, and Alexander McQueen have been left reeling after hackers stole the private details of potentially millions of customers in an attack. The stolen data includes names, email addresses, phone numbers, addresses, and the total amount spent in these high-end stores around the globe.

Kering, the parent company of these luxury brands, has confirmed the breach and assured that no financial information, such as card details, were compromised. However, this has done little to alleviate concerns among customers, who are now facing a daunting task of securing their sensitive information after falling victim to this cyber-attack.

The cyber criminal behind the attack, known only by their pseudonym "Shiny Hunters," claims to have accessed data linked to 7.4 million unique email addresses, suggesting that the total number of individual victims could be in the millions. A small sample shared with BBC journalists as proof contained thousands of customer details, which appeared to be genuine and were subsequently deleted.

One of the most concerning aspects of this stolen data is the "Total Sales" figure, which shows how much money a person has spent with each brand. Some customers are shown to have spent upwards of $10,000, while others have spent as much as $30,000-$86,000 in stores. This information could lead to high spenders being targeted by secondary hacks and scams if the hacker decides to leak this data to other criminals.

Shiny Hunters appears to be acting alone and has contacted Kering through a Telegram chat over their demands for a ransom payment of Bitcoin. However, Kering denies any involvement in conversations with the hackers and claims that it has refused to pay the ransom in accordance with long-standing law enforcement advice.

The Attack: A Look Back

According to Kering's spokesperson, the data breach occurred in April at a time when several other luxury brands were also targeted by cyber-attacks. Cartier and Louis Vuitton were among those affected, although it is unclear if these attacks are linked to Shiny Hunters.

In June, cybersecurity experts at Google issued a warning about a trend of attacks linked to Shiny Hunters, which have been stealing data through tricking employees into handing over their login details for internal company Salesforce software. It appears that this cyber group has also targeted other companies beyond the luxury brands.

Protect Yourself

So what can you do if your information has been stolen? Stolen information in cyber-attacks may include your name, address, date of birth, and online order history. Scammers may use these details to try and contact you pretending to be another organization, including a bank or government.

It is essential to stay vigilant if you receive suspicious emails, messages, or phone calls. Be aware that scammers often try to press you into doing something urgently. If you do get a call from your bank and are unsure if it's genuine, hang up and call the number on your card or the bank's website.

The National Cyber Security Centre advises changing your password and using two-factor authentication whenever possible. Passwords made up of three random words are harder to crack, and not reusing passwords across multiple accounts is crucial in preventing cyber-attacks.