Kering, a French luxury goods conglomerate, suffered a data breach in April when an unauthorized third party (the cybercriminal group Shiny Hunters/UNC6040) gained temporary access to its systems. The attacker exploited compromised employee credentials to access Salesforce software, stealing customer data linked to 7.4 million unique email addresses. The exposed information included purchase histories (e.g., 'Total Sales' showing individual spending up to $86,000), raising concerns about targeted secondary scams against high-value customers. While no financial data (e.g., bank details, credit cards, or government IDs) was compromised, the breach poses significant reputational and fraud risks. The hacker demanded a ransom in Bitcoin, which Kering refused per law enforcement guidance. The company privately notified affected customers but made no public disclosure, despite the breach coinciding with similar attacks on other luxury brands (e.g., Cartier, Louis Vuitton). Google later linked Shiny Hunters to a broader campaign of phishing-based Salesforce breaches, highlighting systemic vulnerabilities in employee authentication.

Hackers breached Kering, the parent company of luxury brands like Gucci, Balenciaga, Brioni, and Alexander McQueen, stealing 56 million customer records (43M from Gucci alone). The intrusion occurred in June 2024, with attackers exfiltrating data from Kering’s Salesforce account. The stolen records reportedly include sensitive customer information, though specifics (e.g., payment details, PII) remain undisclosed. The hackers claimed to have negotiated a $500,000 ransom, which Kering allegedly refused to pay. Following the breach, Gucci’s tokenized assets crashed 80% in value, signaling severe reputational and financial fallout. The attack underscores vulnerabilities in third-party cloud platforms (Salesforce) and the high-value target nature of luxury retail databases for cybercriminals.