Luxury Fashion Under Fire: Tiffany & Kering Hit by Cyberattacks

A wave of cyberattacks is impacting the luxury goods sector, with high-profile breaches recently affecting global fashion conglomerates like Kering and Tiffany & Co. The most recent incident involves Tiffany, which confirmed the theft of gift cards and personal data belonging to over 2,500 customers.

This follows the larger-scale breach at Kering, owner of Gucci, Balenciaga, and Alexander McQueen, which exposed customer contact details and purchase history linked to over 7 million email addresses.

While neither breach involved direct theft of bank or credit card numbers, both exposed data that could be used in secondary schemes targeting high-net-worth individuals.

Why It Matters: The convergence of breaches at Kering and Tiffany & Co. is evidence that cybercriminals are beginning to target industries that hold concentrated pools of affluent customers. Even when financial data isn’t taken, exposure of personal identifiers and digital assets like gift cards opens the door to broader security concerns.

• Tiffany & Co. Breach Adds to Luxury Sector’s Mounting Cyber Woes: In early May, attackers infiltrated Tiffany & Co.’s systems, compromising the personal and transactional data of more than 2,500 clients. The stolen records included names, emails, phone numbers, and sensitive gift card details, complete with PINs, posing a risk for unauthorized purchases and broader misuse. This breach, though smaller in scale than Kering’s, demonstrates the diversity of data being targeted within the luxury retail space.

• Kering Breach Remains One of the Most Extensive in Luxury to Date: Just days before Tiffany’s disclosure, Kering confirmed a major data breach affecting up to 7.4 million customers, attributed to the hacker group ShinyHunters. Although the breach occurred in April, it wasn’t detected until June, at which point the company said it notified affected individuals and regulatory authorities in line with local requirements. However, the public was not made aware until mid-September, when media reports revealed the full scope of the incident. While Kering has not publicly named the specific brands impacted, leaked samples confirmed customer data from Gucci, Balenciaga, and Alexander McQueen. The compromised information included names, contact details, and purchase histories showing spending as high as $86,000. Even without financial account data, the exposure of high-value customer profiles raises significant concerns about how such information could lead to future targeting or impersonation attempts.

• Customer Profiles Becoming Key Targets for Threat Actors: Unlike traditional financial data theft, these breaches focus on detailed customer profiles deemed valuable due to their association with high-net-worth individuals. In Tiffany’s case, gift card theft provides immediate resale value. In Kering’s case, the exposure of contact information and luxury spending patterns adds a layer of risk that may play out over time through deceptive outreach or unauthorized targeting.

• Luxury Brands Now on Cybercriminal Priority Lists: With recent breaches at Dior, Cartier, Chanel, and now Tiffany & Co., luxury brands are finding themselves in the crosshairs of sophisticated cybercrime operations. Experts warn that attackers are drawn to the lucrative payoff of accessing data tied to wealthy consumer bases for these name brands. Tactics such as phishing through CRM platforms appear to exploit common backend systems used industry-wide.

• Security Posture in Luxury Retail Faces New Scrutiny: Kering and Tiffany have emphasized that they acted quickly to secure systems and notify affected customers; however, these events question preparation and consistency across the sector. As the luxury market becomes increasingly reliant on digital infrastructure and customer relationship tools, security must become central to brand strategy.

Go Deeper -> Tiffany & Co. Data Breach Exposes Gift Card Details of Over 2,500 Clients – Cyber Insider

Gucci, Balenciaga and Alexander McQueen private data ransomed by hackers – BBC

Gucci and Alexander McQueen Hit by Customer Data Breach – Infosecurity Magazine

Hackers steal private data of Gucci, Balenciaga and McQueen customers – The Guardian