More high-end retailers have reportedly fallen prey to Salesforce attacks. As first reported by DataBreaches.net, Gucci customer data was stolen last year. The data included more than 43 million records with customers’ names, age range, month and date of birth, email addresses, mobile phone numbers, addresses, total sales prices, and some additional information. The records were reportedly from the end of 2017 through the first part of 2024.
According to the news site, Gucci did not disclose the breach, and there is no indication that they have notified any of their customers whose information was stolen. Gucci’s parent company, Kering, did not respond to the site’s email inquiries.
Gucci was not the only Kering brand to allegedly fall prey to the Salesforce attack, it seems. DataBreaches.net also reports that almost 13 million records were stolen in a second attack that acquired data from customers of Balenciaga, Brioni, and Alexander McQueen. Those customers have reportedly not been notified, either.
Both attacks were claimed by the hacking group known as ShinyHunters, who gave the news site what they claim was negotiations between them and Balenciaga. The chat logs suggest that Balenciaga originally agreed to pay the criminals 750 000 euros to delete all the customer data but later withdrew that agreement and agreed to pay 500 000 euros, an agreement that they also subsequently revoked.
The Data Breach Times has not seen any leak or sale of the data from these attacks on the dark web or clear net forums at this time. Kering has other high-end fashion brands, including Yves Saint Laurent and Bottega Veneta. There has been no indication that those brands were also hit.
Given that Gucci’s customers and those of the other brands are likely to be high-wealth individuals, they should be made aware of the data theft because the stolen data may be used as part of phishing attacks or other scams. The brands or Kering may have obligations under the GDPR or other data protection laws to disclose the breaches and to notify people.
