Most recently, the Shiny Hunters gang’s cyberattack on multiple high-end luxury brands has exposed millions of customer records. This applies to some big names within that Kering portfolio, including Gucci, Balenciaga and Alexander McQueen. The hackers gained temporary access to the brands’ systems in June, leading to concerns over the security of sensitive customer information.
Per Shiny Hunters, the leak is exposing 7.4 million unique email addresses associated with customers of these luxury estates. The access to restricted customer data was the main target of their incursion. The implications are overwhelming, largely because of the spotlight placed on these brands. That makes Shiny Hunters just one among many cyberattacks trending this year. Earlier this year, Google’s cybersecurity specialists started sounding the alarm about this disturbing trend.
In the first week of June, this notorious cybercriminal group contacted a French company. They alleged they had been in round-the-clock negotiations with the company over a ransom payment made in Bitcoin. Now, the misanthropic Shiny Hunters is loose and going on their own. No known conflicts of interest at present.
Shiny Hunters has turned its attention towards Kering’s luxury labels. They’ve gone after other big players in the luxury space as well, including Cartier and Louis Vuitton. They followed up with a spring and summer of attacks on these brands, which began in earnest in April. This recent wave of activity matched up with their continued penetrations into high-end retail networks.
As Kering spokesman released a lengthy statement that went further, stressing the gravity of Kering’s action. Their words focused on the severity of the violation.
“In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information – such as bank account numbers, credit card information, or government-issued identification numbers – was involved in the incident.” – Kering spokesperson
The breach shuts down any debate about the overriding security of luxury brands. Are they ready and willing to defend themselves against these advanced cyber threats? In addition to their investigation mandated by Congress, those companies impacted are surely rethinking their cybersecurity defenses and making changes to avoid future breaches.
At that point, matters escalated dramatically when Google itself came under attack. This attack was eventually linked to Shiny Hunters, highlighting that group’s remarkable ability and cybercriminal scope. This latest attack on Google comes just after a warning released in June by Google’s cybersecurity division about rising threats.
This isn’t the first time that Shiny Hunters have kept in close contact with the press, sending detailed updates on their exploits via Telegram group chats. Unlike their predecessors, they don’t shy away from making the rounds on public forums. This approach is meant partially to meet ransom requests, but more importantly to claim their dominance within the hacker underworld.
Leading luxury brands are doing everything they can to overcome this egregious misstep. Not only do they need to restore customer trust but they need to address vulnerabilities within their increasingly complex digital infrastructures simultaneously. This event will play out in wider ways than just economic hardship. Brands will need to consider how they will continue to protect and grow their reputations in a fast-paced, dynamic and expansive digital marketplace.