Hackers breached Kering, the parent company of luxury brands including Gucci, Balenciaga, Brioni, and Alexander McQueen, stealing **56 million customer records** (43M from Gucci alone). The intrusion occurred in **June 2024**, with attackers exfiltrating data from Kering's **Salesforce account**. The stolen records reportedly include sensitive customer information, though specifics (e.g., payment details, PII) remain undisclosed. The hackers claimed to have negotiated a **$500,000 ransom**, which Kering allegedly refused to pay. Following the breach, Gucci's tokenized assets crashed **80% in value**, signaling severe reputational and financial fallout. The attack underscores the exposure created by third-party cloud platforms such as Salesforce, and the value of luxury-retail customer databases as a target for cybercriminals.
Source: https://news.risky.biz/risky-bulletin-ai-chatbot-disinformation-doubles-in-a-year/
TPRM report: https://www.rankiteo.com/company/kering
{
"id": "ker3565635100325",
"linkid": "kering",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '56 million',
                        'industry': 'Luxury Fashion',
                        'location': 'France (HQ)',
                        'name': 'Kering Group',
                        'size': 'Large (Global, ~40,000 employees)',
                        'type': 'Conglomerate'},
                       {'customers_affected': '43 million',
                        'industry': 'Luxury Fashion',
                        'location': 'Global',
                        'name': 'Gucci',
                        'type': 'Subsidiary'},
                       {'customers_affected': 'Part of 13 million',
                        'industry': 'Luxury Fashion',
                        'location': 'Global',
                        'name': 'Balenciaga',
                        'type': 'Subsidiary'},
                       {'customers_affected': 'Part of 13 million',
                        'industry': 'Luxury Fashion',
                        'location': 'Global',
                        'name': 'Brioni',
                        'type': 'Subsidiary'},
                       {'customers_affected': 'Part of 13 million',
                        'industry': 'Luxury Fashion',
                        'location': 'Global',
                        'name': 'Alexander McQueen',
                        'type': 'Subsidiary'},
                       {'industry': 'Cloud CRM',
                        'location': 'USA (HQ)',
                        'name': 'Salesforce',
                        'size': 'Large',
                        'type': 'Third-Party Vendor'}],
 'attack_vector': ['Compromised Cloud Account (Salesforce)',
                   'Credential Theft/Phishing (likely)'],
 'customer_advisories': 'Pending (likely to include credit monitoring offers)',
 'data_breach': {'data_exfiltration': 'Confirmed (56M records stolen)',
                 'file_types_exposed': ['Database Dumps', 'CSV/Excel (likely)'],
                 'number_of_records_exposed': '56 million',
                 'personally_identifiable_information': ['Names',
                                                         'Email Addresses',
                                                         'Phone Numbers',
                                                         'Physical Addresses (likely)',
                                                         'Payment Preferences (possible)'],
                 'sensitivity_of_data': 'High (luxury customer data, potential financial details)',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Customer Profiles',
                                              'Purchase Histories (likely)']},
 'date_detected': '2025-06-01',
 'description': "Hackers breached Kering's Salesforce account in June 2025, stealing 43 million customer records from Gucci and 13 million records from other brands (Balenciaga, Brioni, Alexander McQueen). The attackers allegedly negotiated a $500,000 ransom, which Kering did not pay. The breach was disclosed after the data was exfiltrated, causing potential reputational and operational damage.",
 'impact': {'brand_reputation_impact': 'High (luxury brands targeted, public disclosure of breach)',
            'customer_complaints': 'Likely (not quantified)',
            'data_compromised': '56 million customer records (43M Gucci, 13M other brands)',
            'financial_loss': '$500,000 (ransom demanded, unpaid) + potential regulatory fines and remediation costs',
            'identity_theft_risk': 'High (customer PII exposed)',
            'legal_liabilities': ['Potential GDPR fines (up to 4% of global revenue)',
                                  'Class-action lawsuits from affected customers'],
            'operational_impact': ['Customer trust erosion',
                                   'Potential legal and compliance violations (e.g., GDPR)'],
            'systems_affected': ['Salesforce CRM', 'Customer Databases']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Possible (if ransom unpaid)',
                           'entry_point': ['Compromised Salesforce Credentials (likely phishing or credential stuffing)'],
                           'high_value_targets': ['Customer Databases',
                                                  'Loyalty Program Data (likely)']},
 'investigation_status': 'Ongoing (no official resolution announced)',
 'lessons_learned': ['Third-party risk management failures (Salesforce compromise)',
                     'Inadequate MFA or credential protection for critical cloud accounts',
                     'Delayed public disclosure increases reputational risk',
                     'Luxury brands are high-value targets for data theft and extortion'],
 'motivation': ['Financial Gain (Ransom Demand)', 'Data Theft for Resale'],
 'post_incident_analysis': {'corrective_actions': ['Mandatory MFA for all Salesforce users',
                                                   'Real-time alerting for bulk data exports',
                                                   'Isolation of subsidiary data within Salesforce',
                                                   'Employee training on phishing and credential hygiene'],
                            'root_causes': ['Weak authentication for Salesforce admin accounts',
                                            'Lack of continuous monitoring for anomalous data access',
                                            "Insufficient segmentation between Kering subsidiaries' data in Salesforce",
                                            'Delayed detection (breach occurred in June, disclosed later)']},
 'ransomware': {'data_encryption': 'No (data exfiltration only)',
                'data_exfiltration': 'Yes (56M records)',
                'ransom_demanded': '$500,000',
                'ransom_paid': 'No'},
 'recommendations': ['Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce)',
                     'Conduct third-party security audits for vendors handling customer data',
                     'Establish a transparent breach disclosure timeline to maintain customer trust',
                     'Enhance monitoring for unusual data access patterns in cloud environments',
                     'Develop a pre-negotiated incident response plan with cybersecurity firms'],
 'references': [{'date_accessed': '2025-09-16',
                 'source': 'DataBreaches.net',
                 'url': 'https://www.databreaches.net'},
                {'date_accessed': '2025-09-16',
                 'source': 'Risky Business Newsletter',
                 'url': 'https://risky.biz'}],
 'regulatory_compliance': {'legal_actions': ['Potential class-action lawsuits',
                                             'Regulatory investigations (e.g., CNIL in France)'],
                           'regulations_violated': ['GDPR (EU)',
                                                    'CCPA (California, if applicable)',
                                                    'French Data Protection Laws'],
                           'regulatory_notifications': ['CNIL (France, likely)',
                                                        'Other EU DPAs (if EU customers affected)']},
 'response': {'communication_strategy': ['Internal (confirmed)',
                                         'Public Disclosure (pending)'],
              'containment_measures': ['Salesforce Account Lockdown (assumed)',
                                       'Password Resets',
                                       'Session Termination'],
              'enhanced_monitoring': 'Likely (assumed)',
              'incident_response_plan_activated': 'Likely (not confirmed)',
              'remediation_measures': ['Customer Notification (pending)',
                                       'Credit Monitoring (likely)',
                                       'Salesforce Security Review'],
              'third_party_assistance': ['Cybersecurity Forensics (assumed)',
                                         'Legal Counsel (assumed)']},
 'title': 'Kering Group (Gucci, Balenciaga, Brioni, Alexander McQueen) Customer Data Breach via Salesforce Compromise',
 'type': ['Data Breach', 'Unauthorized Access', 'Extortion Attempt'],
 'vulnerability_exploited': ['Weak or Stolen Credentials',
                             'Insufficient Multi-Factor Authentication (MFA)',
                             'Salesforce Misconfiguration']}