Kering
Company Details
Linkedin ID:
kering
Website:
Employees number:
37,699
Number of followers:
823,450
NAICS:
4483
Industry Type:
Homepage:
kering.com
IP Addresses:
193
Company ID:
KER_2288315
Scan Status:
Completed
Kering Company CyberSecurity Posture
kering.com
Kering is a global, family-led luxury group, home to people whose passion and expertise nurture creative Houses across ready-to-wear and couture, leather goods, jewelry, eyewear and beauty: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beauté. Inspired by their creative heritage, Kering’s Houses design and craft exceptional products and experiences that reflect the Group’s commitment to excellence, sustainability and culture. This vision is expressed in our signature: Creativity is our Legacy.
Kering A.I CyberSecurity Scoring
Kering Risk Score (AI oriented)Between 700 and 749
Kering
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Kering Global Score (TPRM)XXXX
Kering
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Kering Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Kering (Gucci, Balenciaga, Brioni, Alexander McQueen)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Hackers breached Kering, the parent company of luxury brands like Gucci, Balenciaga, Brioni, and Alexander McQueen, stealing **56 million customer records** (43M from Gucci alone). The intrusion occurred in **June 2024**, with attackers exfiltrating data from Kering’s **Salesforce account**. The stolen records reportedly include sensitive customer information, though specifics (e.g., payment details, PII) remain undisclosed. The hackers claimed to have negotiated a **$500,000 ransom**, which Kering allegedly refused to pay. Following the breach, Gucci’s tokenized assets crashed **80% in value**, signaling severe reputational and financial fallout. The attack underscores vulnerabilities in third-party cloud platforms (Salesforce) and the high-value target nature of luxury retail databases for cybercriminals.
Kering
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Kering, a French luxury goods conglomerate, suffered a data breach in April when an unauthorized third party (the cybercriminal group **Shiny Hunters/UNC6040**) gained temporary access to its systems. The attacker exploited compromised employee credentials to access **Salesforce software**, stealing customer data linked to **7.4 million unique email addresses**. The exposed information included **purchase histories (e.g., 'Total Sales' showing individual spending up to $86,000)**, raising concerns about targeted secondary scams against high-value customers. While no financial data (e.g., bank details, credit cards, or government IDs) was compromised, the breach poses significant **reputational and fraud risks**. The hacker demanded a **ransom in Bitcoin**, which Kering refused per law enforcement guidance. The company privately notified affected customers but made **no public disclosure**, despite the breach coinciding with similar attacks on other luxury brands (e.g., Cartier, Louis Vuitton). Google later linked Shiny Hunters to a broader campaign of **phishing-based Salesforce breaches**, highlighting systemic vulnerabilities in employee authentication.
Kering Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Kering
Incidents vs Retail Luxury Goods and Jewelry Industry Average (This Year)
Kering has 61.29% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Kering has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types Kering vs Retail Luxury Goods and Jewelry Industry Avg (This Year)
Kering reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Kering (X = Date, Y = Severity)
Kering cyber incidents detection timeline including parent company and subsidiaries
Kering Company Subsidiaries
Kering is a global, family-led luxury group, home to people whose passion and expertise nurture creative Houses across ready-to-wear and couture, leather goods, jewelry, eyewear and beauty: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beauté. Inspired by their creative heritage, Kering’s Houses design and craft exceptional products and experiences that reflect the Group’s commitment to excellence, sustainability and culture. This vision is expressed in our signature: Creativity is our Legacy.
Loading...
Kering Similar Companies
Gucci
Founded in Florence, Italy in 1921, Gucci is one of the world’s leading luxury brands. Following the House’s centenary, Gucci forges ahead continuing to redefine fashion and luxury while celebrating creativity, Italian craftsmanship, and innovation. Gucci is part of the global luxury group Kering,
Prada Group
The Prada Group is a global leader in the luxury industry and a pioneer in its unconventional dialogue with contemporary society across diverse cultural spheres. Home to prestigious brands as Prada, Miu Miu, Church’s, Car Shoe, Marchesi 1824 and Luna Rossa, the Group remains committed to enhancing
Swatch Group
The Swatch Group Ltd is an international group active in the manufacture and sale of finished watches, jewelry, watch movements and components. Swatch Group supplies nearly all components required for the watches sold by its 16 watch and jewelry brands as well as by its two retail brands, Tourbillon
Christian Dior Couture
Welcome to Christian Dior Couture, House of Dreams, House of Talents. Christian Dior was the designer of dreams. In founding his House in 1947, marked by the revolution of the New Look, he metamorphosed his reveries into wonderful creations. His visionary spirit never ceased to make Clients all ove
Tiffany & Co.
In 1837 Charles Lewis Tiffany founded his company in New York City where his store was soon acclaimed as the palace of jewels for its exceptional gemstones. Since then TIFFANY & CO. has become synonymous with elegance, innovative design, fine craftsmanship and creative excellence. During the 20th ce
Louis Vuitton
For more than 150 years, men and women at Louis Vuitton have shared the same spirit of excellence and passion, reaffirming their expertise every day, the world over. With us, every career is a journey, filled with excitement and challenge, desire and daring. There is no better way to reveal your pot
Pandora is the world’s largest jewellery brand. The company designs, manufactures and markets hand-finished jewellery made from high-quality materials at affordable prices Pandora jewellery is sold in more than 100 countries through more than 6,500 points of sale, including more than 2,500 concept s
Chanel is a private company and world leader in creating, manufacturing and distributing luxury products, including Ready-to-Wear, Accessories, Fragrances, Makeup, Skincare, Jewellery and Watches. Founded by Gabrielle Chanel in 1910, the House remains dedicated to exceptional craftsmanship and offer
LVMH is the world leader in luxury. A family group founded in 1987 and headed by Chairman and CEO Bernard Arnault, LVMH is now home to 75 iconic Maisons, which embody a distinctive art de vivre blending heritage and modernity. With reported sales of 86.2 billion euros in 2023 and 6000 stores around
.png)
Kering CyberSecurity News
October 17, 2025 07:00 AM
ICO Shares Tips for Small Businesses to Defend Against Cyber Attacks: 'Password123' is Probably not Going to Cut it!
Cyberattacks feel pretty inescapable at the moment. They've always been there but in recent months there have been countless high profile...
September 25, 2025 07:00 AM
What the Latest Cyber Attacks Mean for Luxury Supply Chains
A ransomware attack on Gucci, Balenciaga and McQueen exposes customer data and highlights growing cybersecurity gaps in luxury retail supply...
September 23, 2025 07:00 AM
Kering cyber attack: 7.4 million customers targeted
Our investigation reveals that in June 2025, the Kering luxury group suffered a massive cyberattack, affecting the Gucci, Balenciaga and...
September 19, 2025 07:00 AM
In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias
Noteworthy stories that might have slipped under the radar: Eve Security seed funding, Claroty report, patches from WatchGuard and Nokia.
September 18, 2025 07:00 AM
What Kering’s Cyber Attack Teaches Industries About AI
The cyber attack exposing 7.4 million customer's data across Kering's Gucci, Balenciaga and Alexander McQueen shows how AI can both help and...
September 17, 2025 07:00 AM
Kering Customer Data Stolen, Amid Surge In Cyberattacks Against Luxury Brands
French luxury conglomerate Kering, parent of Gucci, Saint Laurent and Balenciaga, confirmed a data breach that puts millions of customer...
September 17, 2025 07:00 AM
Fashion’s Cybersecurity Target: A Year of Breaches at Adidas, Kering, and LVMH
Just over a year ago, in September 2024, the Spanish fashion retail group Tendam suffered a cyber attack in which cybercriminals gained access...
September 17, 2025 07:00 AM
Kering data breach exposes 7.4m luxury customers’ details & spend
Kering has revealed a data breach exposing details and spending info of 7.4 million customers of Gucci, Balenciaga, and Alexander McQueen.
September 17, 2025 07:00 AM
AI-Driven Hack Hits Gucci, Balenciaga and McQueen's Data
Cyber attackers have stolen customer details from Gucci, Balenciaga and Alexander McQueen, highlighting major cybersecurity flaws in retail...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Kering CyberSecurity History Information
Official Website of Kering
The official website of Kering is https://www.kering.com/en.
Kering’s AI-Generated Cybersecurity Score
According to Rankiteo, Kering’s AI-generated cybersecurity score is 738, reflecting their Moderate security posture.
How many security badges does Kering’ have ?
According to Rankiteo, Kering currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Kering have SOC 2 Type 1 certification ?
According to Rankiteo, Kering is not certified under SOC 2 Type 1.
Does Kering have SOC 2 Type 2 certification ?
According to Rankiteo, Kering does not hold a SOC 2 Type 2 certification.
Does Kering comply with GDPR ?
According to Rankiteo, Kering is not listed as GDPR compliant.
Does Kering have PCI DSS certification ?
According to Rankiteo, Kering does not currently maintain PCI DSS compliance.
Does Kering comply with HIPAA ?
According to Rankiteo, Kering is not compliant with HIPAA regulations.
Does Kering have ISO 27001 certification ?
According to Rankiteo,Kering is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Kering
Kering operates primarily in the Retail Luxury Goods and Jewelry industry.
Number of Employees at Kering
Kering employs approximately 37,699 people worldwide.
Subsidiaries Owned by Kering
Kering presently has no subsidiaries across any sectors.
Kering’s LinkedIn Followers
Kering’s official LinkedIn profile has approximately 823,450 followers.
NAICS Classification of Kering
Kering is classified under the NAICS code 4483, which corresponds to Jewelry, Luggage, and Leather Goods Stores.
Kering’s Presence on Crunchbase
Yes, Kering has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/kering.
Kering’s Presence on LinkedIn
Yes, Kering maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/kering.
Cybersecurity Incidents Involving Kering
As of November 27, 2025, Rankiteo reports that Kering has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Kering has an estimated 1,365 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Kering ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
What was the total financial impact of these incidents on Kering ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $500 thousand.
How does Kering detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes (systems secured post-breach), and law enforcement notified with implied (followed advice not to pay ransom), and containment measures with secured it systems, containment measures with revoked unauthorized access, and internal with none, external with emailed affected customers (no public statement), transparency level with low (no details on number of victims or public disclosure), and incident response plan activated with likely (not confirmed), and third party assistance with cybersecurity forensics (assumed), third party assistance with legal counsel (assumed), and containment measures with salesforce account lockdown (assumed), containment measures with password resets, containment measures with session termination, and remediation measures with customer notification (pending), remediation measures with credit monitoring (likely), remediation measures with salesforce security review, and communication strategy with internal (confirmed), communication strategy with public disclosure (pending), and enhanced monitoring with likely (assumed)..
Incident Details
Can you provide details on each incident ?
Title: Kering Data Breach by Shiny Hunters
Description: The luxury goods conglomerate Kering suffered a data breach in April, where an unauthorized third party (Shiny Hunters) gained temporary access to its systems and exfiltrated customer data linked to 7.4 million unique email addresses. The stolen data includes 'Total Sales' figures, revealing high-spending customers who may now be targeted for secondary scams. Kering refused to pay the ransom demanded by Shiny Hunters and claims no financial or government-issued identification data was compromised. The breach was part of a broader wave of attacks on luxury brands, including Cartier and Louis Vuitton.
Date Detected: 2023-06
Type: Data Breach
Attack Vector: Credential Theft (Salesforce Logins)Social Engineering
Vulnerability Exploited: Human error (tricked employees into handing over login credentials for internal Salesforce software)
Threat Actor: Name: Shiny Hunters (aka UNC6040)Type: Individual/Cybercriminal GroupMotivation: ['Financial Gain (Ransom Demand)', 'Data Theft for Resale']Known Aliases: ['UNC6040']
Motivation: Financial GainData Exfiltration for Secondary Exploitation
Title: Kering Group (Gucci, Balenciaga, Brioni, Alexander McQueen) Customer Data Breach via Salesforce Compromise
Description: Hackers breached Kering's Salesforce account in June 2025, stealing 43 million customer records from Gucci and 13 million records from other brands (Balenciaga, Brioni, Alexander McQueen). The attackers allegedly negotiated a $500,000 ransom, which Kering did not pay. The breach was disclosed after the data was exfiltrated, causing potential reputational and operational damage.
Date Detected: 2025-06-01
Type: Data Breach
Attack Vector: Compromised Cloud Account (Salesforce)Credential Theft/Phishing (likely)
Vulnerability Exploited: Weak or Stolen CredentialsInsufficient Multi-Factor Authentication (MFA)Salesforce Misconfiguration
Motivation: Financial Gain (Ransom Demand)Data Theft for Resale
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised employee credentials (Salesforce logins) and Compromised Salesforce Credentials (likely phishing or credential stuffing).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach KER0692106091525
Data Compromised: Customer Records: 7, 4, 0, 0, 0, 0, 0, Details: [, ', E, m, a, i, l, , a, d, d, r, e, s, s, e, s, ', ,, , ', T, o, t, a, l, , S, a, l, e, s, , (, p, u, r, c, h, a, s, e, , h, i, s, t, o, r, y, ), ', ,, , ', C, u, s, t, o, m, e, r, , s, p, e, n, d, i, n, g, , p, a, t, t, e, r, n, s, ', ],
Systems Affected: Internal Salesforce softwareCustomer databases
Operational Impact: Temporary unauthorized access; systems later secured
Customer Complaints: Likely (not quantified; customers notified via email)
Brand Reputation Impact: Moderate to High (luxury brand trust erosion, potential secondary scams targeting high-spending customers)
Legal Liabilities: None disclosed (company claims compliance with notification requirements)
Identity Theft Risk: Low (no government-issued IDs or financial data stolen, but high-spending customers at risk of targeted scams)
Payment Information Risk: None (no credit card or bank details compromised)
Incident : Data Breach KER3565635100325
Financial Loss: $500,000 (ransom demanded, unpaid) + potential regulatory fines and remediation costs
Data Compromised: 56 million customer records (43M Gucci, 13M other brands)
Systems Affected: Salesforce CRMCustomer Databases
Operational Impact: Customer trust erosionPotential legal and compliance violations (e.g., GDPR)
Customer Complaints: Likely (not quantified)
Brand Reputation Impact: High (luxury brands targeted, public disclosure of breach)
Legal Liabilities: Potential GDPR fines (up to 4% of global revenue)Class-action lawsuits from affected customers
Identity Theft Risk: High (customer PII exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $250.00 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data (Emails), Transaction Data (Total Sales), Customer Profiles, , Personally Identifiable Information (Pii), Customer Profiles, Purchase Histories (Likely) and .
Which entities were affected by each incident ?
Incident : Data Breach KER0692106091525
Entity Name: Kering
Entity Type: Conglomerate
Industry: Luxury Goods
Location: France
Size: Large (multinational, owns brands like Gucci, Saint Laurent, Bottega Veneta)
Customers Affected: 7400000
Incident : Data Breach KER3565635100325
Entity Name: Kering Group
Entity Type: Conglomerate
Industry: Luxury Fashion
Location: France (HQ)
Size: Large (Global, ~40,000 employees)
Customers Affected: 56 million
Incident : Data Breach KER3565635100325
Entity Name: Gucci
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: 43 million
Incident : Data Breach KER3565635100325
Entity Name: Balenciaga
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: Part of 13 million
Incident : Data Breach KER3565635100325
Entity Name: Brioni
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: Part of 13 million
Incident : Data Breach KER3565635100325
Entity Name: Alexander McQueen
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: Part of 13 million
Incident : Data Breach KER3565635100325
Entity Name: Salesforce
Entity Type: Third-Party Vendor
Industry: Cloud CRM
Location: USA (HQ)
Size: Large
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach KER0692106091525
Incident Response Plan Activated: Yes (systems secured post-breach)
Law Enforcement Notified: Implied (followed advice not to pay ransom)
Containment Measures: Secured IT systemsRevoked unauthorized access
Communication Strategy: External: Emailed affected customers (no public statement), Transparency Level: Low (no details on number of victims or public disclosure).
Incident : Data Breach KER3565635100325
Incident Response Plan Activated: Likely (not confirmed)
Third Party Assistance: Cybersecurity Forensics (Assumed), Legal Counsel (Assumed).
Containment Measures: Salesforce Account Lockdown (assumed)Password ResetsSession Termination
Remediation Measures: Customer Notification (pending)Credit Monitoring (likely)Salesforce Security Review
Communication Strategy: Internal (confirmed)Public Disclosure (pending)
Enhanced Monitoring: Likely (assumed)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (systems secured post-breach), Likely (not confirmed).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Cybersecurity Forensics (assumed), Legal Counsel (assumed), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach KER0692106091525
Type of Data Compromised: Personal data (emails), Transaction data (total sales), Customer profiles
Number of Records Exposed: 7400000
Sensitivity of Data: Moderate (no financial/PII like SSNs, but spending habits reveal high-value targets)
Data Exfiltration: Confirmed (sample shared with BBC as proof)
File Types Exposed: Customer databasesSales records
Personally Identifiable Information: Partial (emails only; no government IDs or financial data)
Incident : Data Breach KER3565635100325
Type of Data Compromised: Personally identifiable information (pii), Customer profiles, Purchase histories (likely)
Number of Records Exposed: 56 million
Sensitivity of Data: High (luxury customer data, potential financial details)
Data Exfiltration: Confirmed (56M records stolen)
File Types Exposed: Database DumpsCSV/Excel (likely)
Personally Identifiable Information: NamesEmail AddressesPhone NumbersPhysical Addresses (likely)Payment Preferences (possible)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Customer Notification (pending), Credit Monitoring (likely), Salesforce Security Review, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured it systems, revoked unauthorized access, , salesforce account lockdown (assumed), password resets, session termination and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach KER0692106091525
Ransom Demanded: Yes (amount undisclosed, demanded in Bitcoin)
Ransom Paid: No (company refused per law enforcement advice)
Data Encryption: No (data exfiltrated but not encrypted)
Data Exfiltration: Yes
Incident : Data Breach KER3565635100325
Ransom Demanded: $500,000
Ransom Paid: No
Data Encryption: No (data exfiltration only)
Data Exfiltration: Yes (56M records)
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach KER0692106091525
Regulatory Notifications: Customers notified via email (no public disclosure required per legal obligations)
Incident : Data Breach KER3565635100325
Regulations Violated: GDPR (EU), CCPA (California, if applicable), French Data Protection Laws,
Legal Actions: Potential class-action lawsuits, Regulatory investigations (e.g., CNIL in France),
Regulatory Notifications: CNIL (France, likely)Other EU DPAs (if EU customers affected)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Potential class-action lawsuits, Regulatory investigations (e.g., CNIL in France), .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach KER3565635100325
Lessons Learned: Third-party risk management failures (Salesforce compromise), Inadequate MFA or credential protection for critical cloud accounts, Delayed public disclosure increases reputational risk, Luxury brands are high-value targets for data theft and extortion
What recommendations were made to prevent future incidents ?
Incident : Data Breach KER3565635100325
Recommendations: Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firms
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Third-party risk management failures (Salesforce compromise),Inadequate MFA or credential protection for critical cloud accounts,Delayed public disclosure increases reputational risk,Luxury brands are high-value targets for data theft and extortion.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Develop a pre-negotiated incident response plan with cybersecurity firms, Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments and Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce).
References
Where can I find more information about each incident ?
Incident : Data Breach KER0692106091525
Source: BBC News
Incident : Data Breach KER0692106091525
Source: Google Threat Analysis Group (UNC6040 warning)
Incident : Data Breach KER3565635100325
Source: DataBreaches.net
URL: https://www.databreaches.net
Date Accessed: 2025-09-16
Incident : Data Breach KER3565635100325
Source: Risky Business Newsletter
URL: https://risky.biz
Date Accessed: 2025-09-16
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BBC News, and Source: Google Threat Analysis Group (UNC6040 warning), and Source: DataBreaches.netUrl: https://www.databreaches.netDate Accessed: 2025-09-16, and Source: Risky Business NewsletterUrl: https://risky.bizDate Accessed: 2025-09-16.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach KER0692106091525
Investigation Status: Ongoing (company claims systems secured; no further updates)
Incident : Data Breach KER3565635100325
Investigation Status: Ongoing (no official resolution announced)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Internal (Confirmed) and Public Disclosure (Pending).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach KER0692106091525
Stakeholder Advisories: None (no public statements)
Customer Advisories: Emailed notifications to affected individuals
Incident : Data Breach KER3565635100325
Customer Advisories: Pending (likely to include credit monitoring offers)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were None (no public statements), Emailed notifications to affected individuals and Pending (likely to include credit monitoring offers).
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach KER0692106091525
Entry Point: Compromised employee credentials (Salesforce logins)
Reconnaissance Period: Unknown (breach detected in June, occurred in April)
High Value Targets: Customer data (especially high-spending individuals)
Data Sold on Dark Web: Customer data (especially high-spending individuals)
Incident : Data Breach KER3565635100325
Entry Point: Compromised Salesforce Credentials (Likely Phishing Or Credential Stuffing),
High Value Targets: Customer Databases, Loyalty Program Data (Likely),
Data Sold on Dark Web: Customer Databases, Loyalty Program Data (Likely),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach KER0692106091525
Root Causes: Social Engineering (Phished Credentials), Insufficient Multi-Factor Authentication (Mfa) On Salesforce, Lack Of Early Detection (Breach Undetected For ~2 Months),
Incident : Data Breach KER3565635100325
Root Causes: Weak Authentication For Salesforce Admin Accounts, Lack Of Continuous Monitoring For Anomalous Data Access, Insufficient Segmentation Between Kering Subsidiaries' Data In Salesforce, Delayed Detection (Breach Occurred In June, Disclosed Later),
Corrective Actions: Mandatory Mfa For All Salesforce Users, Real-Time Alerting For Bulk Data Exports, Isolation Of Subsidiary Data Within Salesforce, Employee Training On Phishing And Credential Hygiene,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cybersecurity Forensics (Assumed), Legal Counsel (Assumed), , Likely (assumed).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Mandatory Mfa For All Salesforce Users, Real-Time Alerting For Bulk Data Exports, Isolation Of Subsidiary Data Within Salesforce, Employee Training On Phishing And Credential Hygiene, .
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Yes (amount undisclosed, demanded in Bitcoin).
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Name: Shiny Hunters (aka UNC6040)Type: Individual/Cybercriminal GroupMotivation: ['Financial Gain (Ransom Demand)' and 'Data Theft for Resale']Known Aliases: ['UNC6040'].
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-06.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $500,000 (ransom demanded, unpaid) + potential regulatory fines and remediation costs.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer Records: 7400000, Details: ['Email addresses', 'Total Sales (purchase history)', 'Customer spending patterns'], , Customer Records: 7400000, Details: ['Email addresses', 'Total Sales (purchase history)', 'Customer spending patterns'], , 56 million customer records (43M Gucci and 13M other brands).
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal Salesforce softwareCustomer databases and Salesforce CRMCustomer Databases.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cybersecurity forensics (assumed), legal counsel (assumed), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Secured IT systemsRevoked unauthorized access and Salesforce Account Lockdown (assumed)Password ResetsSession Termination.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 56 million customer records (43M Gucci and 13M other brands).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 56.0M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $500,000.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Potential class-action lawsuits, Regulatory investigations (e.g., CNIL in France), .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Luxury brands are high-value targets for data theft and extortion.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Develop a pre-negotiated incident response plan with cybersecurity firms, Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments and Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Risky Business Newsletter, BBC News, DataBreaches.net and Google Threat Analysis Group (UNC6040 warning).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.databreaches.net, https://risky.biz .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (company claims systems secured; no further updates).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was None (no public statements), .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Emailed notifications to affected individuals and Pending (likely to include credit monitoring offers).
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised employee credentials (Salesforce logins).
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Unknown (breach detected in June, occurred in April).
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Social engineering (phished credentials)Insufficient multi-factor authentication (MFA) on SalesforceLack of early detection (breach undetected for ~2 months), Weak authentication for Salesforce admin accountsLack of continuous monitoring for anomalous data accessInsufficient segmentation between Kering subsidiaries' data in SalesforceDelayed detection (breach occurred in June, disclosed later).
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Mandatory MFA for all Salesforce usersReal-time alerting for bulk data exportsIsolation of subsidiary data within SalesforceEmployee training on phishing and credential hygiene.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=kering' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
