Kering
Company Details
Linkedin ID:
kering
Website:
Employees number:
37,699
Number of followers:
823,450
NAICS:
4483
Industry Type:
Homepage:
kering.com
IP Addresses:
193
Company ID:
KER_2288315
Scan Status:
Completed
Kering Company CyberSecurity Posture
kering.com
Kering is a global, family-led luxury group, home to people whose passion and expertise nurture creative Houses across ready-to-wear and couture, leather goods, jewelry, eyewear and beauty: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beauté. Inspired by their creative heritage, Kering’s Houses design and craft exceptional products and experiences that reflect the Group’s commitment to excellence, sustainability and culture. This vision is expressed in our signature: Creativity is our Legacy.
Kering A.I CyberSecurity Scoring
Kering Risk Score (AI oriented)Between 700 and 749
Kering
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Kering Global Score (TPRM)XXXX
Kering
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Kering Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Kering (Gucci, Balenciaga, Brioni, Alexander McQueen)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Hackers breached Kering, the parent company of luxury brands like Gucci, Balenciaga, Brioni, and Alexander McQueen, stealing **56 million customer records** (43M from Gucci alone). The intrusion occurred in **June 2024**, with attackers exfiltrating data from Kering’s **Salesforce account**. The stolen records reportedly include sensitive customer information, though specifics (e.g., payment details, PII) remain undisclosed. The hackers claimed to have negotiated a **$500,000 ransom**, which Kering allegedly refused to pay. Following the breach, Gucci’s tokenized assets crashed **80% in value**, signaling severe reputational and financial fallout. The attack underscores vulnerabilities in third-party cloud platforms (Salesforce) and the high-value target nature of luxury retail databases for cybercriminals.
Kering
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Kering, a French luxury goods conglomerate, suffered a data breach in April when an unauthorized third party (the cybercriminal group **Shiny Hunters/UNC6040**) gained temporary access to its systems. The attacker exploited compromised employee credentials to access **Salesforce software**, stealing customer data linked to **7.4 million unique email addresses**. The exposed information included **purchase histories (e.g., 'Total Sales' showing individual spending up to $86,000)**, raising concerns about targeted secondary scams against high-value customers. While no financial data (e.g., bank details, credit cards, or government IDs) was compromised, the breach poses significant **reputational and fraud risks**. The hacker demanded a **ransom in Bitcoin**, which Kering refused per law enforcement guidance. The company privately notified affected customers but made **no public disclosure**, despite the breach coinciding with similar attacks on other luxury brands (e.g., Cartier, Louis Vuitton). Google later linked Shiny Hunters to a broader campaign of **phishing-based Salesforce breaches**, highlighting systemic vulnerabilities in employee authentication.
Kering Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Kering
Incidents vs Retail Luxury Goods and Jewelry Industry Average (This Year)
Kering has 25.0% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Kering has 29.87% more incidents than the average of all companies with at least one recorded incident.
Incident Types Kering vs Retail Luxury Goods and Jewelry Industry Avg (This Year)
Kering reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Kering (X = Date, Y = Severity)
Kering cyber incidents detection timeline including parent company and subsidiaries
Kering Company Subsidiaries
Kering is a global, family-led luxury group, home to people whose passion and expertise nurture creative Houses across ready-to-wear and couture, leather goods, jewelry, eyewear and beauty: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beauté. Inspired by their creative heritage, Kering’s Houses design and craft exceptional products and experiences that reflect the Group’s commitment to excellence, sustainability and culture. This vision is expressed in our signature: Creativity is our Legacy.
Loading...
Kering Similar Companies
Pandora is the world’s largest jewellery brand. The company designs, manufactures and markets hand-finished jewellery made from high-quality materials at affordable prices Pandora jewellery is sold in more than 100 countries through more than 6,500 points of sale, including more than 2,500 concept s
Swatch Group
The Swatch Group Ltd is an international group active in the manufacture and sale of finished watches, jewelry, watch movements and components. Swatch Group supplies nearly all components required for the watches sold by its 16 watch and jewelry brands as well as by its two retail brands, Tourbillon
Hermès
A creator, artisan and seller of high-quality objects since 1837, Hermès is an independent, family-owned French house that employs more than 16,600 people worldwide. Driven by its permanent entrepreneurial spirit and consistently high standards, Hermès cultivates the freedom and autonomy of each ind
At Richemont, we craft the future. Our unique portfolio includes prestigious Maisons distinguished by their craftsmanship and creativity. Richemont’s ambition is to nurture its Maisons and businesses and enable them to grow and prosper in a responsible, sustainable manner over the long term. Riche
Louis Vuitton
For more than 150 years, men and women at Louis Vuitton have shared the same spirit of excellence and passion, reaffirming their expertise every day, the world over. With us, every career is a journey, filled with excitement and challenge, desire and daring. There is no better way to reveal your pot
Tiffany & Co.
In 1837 Charles Lewis Tiffany founded his company in New York City where his store was soon acclaimed as the palace of jewels for its exceptional gemstones. Since then TIFFANY & CO. has become synonymous with elegance, innovative design, fine craftsmanship and creative excellence. During the 20th ce
Gucci
Founded in Florence, Italy in 1921, Gucci is one of the world’s leading luxury brands. Following the House’s centenary, Gucci forges ahead continuing to redefine fashion and luxury while celebrating creativity, Italian craftsmanship, and innovation. Gucci is part of the global luxury group Kering,
Swatch Group
Swatch Group is the world's number one manufacturer of finished watches. With its 16 watch brands, the Group is present in all price segments, and is also active in the manufacture and sale of jewelry, watch movements and components. Swatch Group unites, among other companies, the following watch b
Chanel is a private company and world leader in creating, manufacturing and distributing luxury products, including Ready-to-Wear, Accessories, Fragrances, Makeup, Skincare, Jewellery and Watches. Founded by Gabrielle Chanel in 1910, the House remains dedicated to exceptional craftsmanship and offer
.png)
Kering CyberSecurity News
November 10, 2025 08:00 AM
Banco Santander Faces Alleged Data Breach by BreachParty
Threat actor BreachParty claims to be selling 10000 customer records from Banco Santander, including PII and IBANs, raising serious data...
October 21, 2025 07:00 AM
Kering And L’Oréal Double Down On Their Strengths In $4.7 Billion Beauty Deal
In a win/win deal, L'Oréal will acquire Kering Beauté, including the Creed fragrance brand, for $4.7 billion in its largest acquisition to...
October 17, 2025 07:00 AM
ICO Shares Tips for Small Businesses to Defend Against Cyber Attacks: 'Password123' is Probably not Going to Cut it!
Cyberattacks feel pretty inescapable at the moment. They've always been there but in recent months there have been countless high profile...
October 03, 2025 07:00 AM
Hacking group claims theft of 1 billion records from Salesforce customer databases
The hacking group claims to have stolen about a billion records from companies, including FedEx, Qantas, and TransUnion, who store their...
September 25, 2025 07:00 AM
What the Latest Cyber Attacks Mean for Luxury Supply Chains
A ransomware attack on Gucci, Balenciaga and McQueen exposes customer data and highlights growing cybersecurity gaps in luxury retail supply...
September 24, 2025 07:00 AM
Cyber attacks in the luxury retail sector: legal insights and practical steps for building resilience
Background. The luxury retail sector has become an increasingly attractive target for sophisticated cyber attacks, with several high-profile...
September 23, 2025 07:00 AM
Kering cyber attack: 7.4 million customers targeted
Our investigation reveals that in June 2025, the Kering luxury group suffered a massive cyberattack, affecting the Gucci, Balenciaga and...
September 20, 2025 07:00 AM
Luxury customer data hack rattles global industry
A massive cyberattack targeting Kering and other top houses has exposed millions of luxury clients, shaking confidence in the global fashion...
September 19, 2025 07:00 AM
In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias
Noteworthy stories that might have slipped under the radar: Eve Security seed funding, Claroty report, patches from WatchGuard and Nokia.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Kering CyberSecurity History Information
Official Website of Kering
The official website of Kering is https://www.kering.com/en.
Kering’s AI-Generated Cybersecurity Score
According to Rankiteo, Kering’s AI-generated cybersecurity score is 737, reflecting their Moderate security posture.
How many security badges does Kering’ have ?
According to Rankiteo, Kering currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Kering have SOC 2 Type 1 certification ?
According to Rankiteo, Kering is not certified under SOC 2 Type 1.
Does Kering have SOC 2 Type 2 certification ?
According to Rankiteo, Kering does not hold a SOC 2 Type 2 certification.
Does Kering comply with GDPR ?
According to Rankiteo, Kering is not listed as GDPR compliant.
Does Kering have PCI DSS certification ?
According to Rankiteo, Kering does not currently maintain PCI DSS compliance.
Does Kering comply with HIPAA ?
According to Rankiteo, Kering is not compliant with HIPAA regulations.
Does Kering have ISO 27001 certification ?
According to Rankiteo,Kering is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Kering
Kering operates primarily in the Retail Luxury Goods and Jewelry industry.
Number of Employees at Kering
Kering employs approximately 37,699 people worldwide.
Subsidiaries Owned by Kering
Kering presently has no subsidiaries across any sectors.
Kering’s LinkedIn Followers
Kering’s official LinkedIn profile has approximately 823,450 followers.
NAICS Classification of Kering
Kering is classified under the NAICS code 4483, which corresponds to Jewelry, Luggage, and Leather Goods Stores.
Kering’s Presence on Crunchbase
Yes, Kering has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/kering.
Kering’s Presence on LinkedIn
Yes, Kering maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/kering.
Cybersecurity Incidents Involving Kering
As of December 11, 2025, Rankiteo reports that Kering has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Kering has an estimated 1,377 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Kering ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
What was the total financial impact of these incidents on Kering ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $500 thousand.
How does Kering detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes (systems secured post-breach), and law enforcement notified with implied (followed advice not to pay ransom), and containment measures with secured it systems, containment measures with revoked unauthorized access, and internal with none, external with emailed affected customers (no public statement), transparency level with low (no details on number of victims or public disclosure), and incident response plan activated with likely (not confirmed), and third party assistance with cybersecurity forensics (assumed), third party assistance with legal counsel (assumed), and containment measures with salesforce account lockdown (assumed), containment measures with password resets, containment measures with session termination, and remediation measures with customer notification (pending), remediation measures with credit monitoring (likely), remediation measures with salesforce security review, and communication strategy with internal (confirmed), communication strategy with public disclosure (pending), and enhanced monitoring with likely (assumed)..
Incident Details
Can you provide details on each incident ?
Title: Kering Data Breach by Shiny Hunters
Description: The luxury goods conglomerate Kering suffered a data breach in April, where an unauthorized third party (Shiny Hunters) gained temporary access to its systems and exfiltrated customer data linked to 7.4 million unique email addresses. The stolen data includes 'Total Sales' figures, revealing high-spending customers who may now be targeted for secondary scams. Kering refused to pay the ransom demanded by Shiny Hunters and claims no financial or government-issued identification data was compromised. The breach was part of a broader wave of attacks on luxury brands, including Cartier and Louis Vuitton.
Date Detected: 2023-06
Type: Data Breach
Attack Vector: Credential Theft (Salesforce Logins)Social Engineering
Vulnerability Exploited: Human error (tricked employees into handing over login credentials for internal Salesforce software)
Threat Actor: Name: Shiny Hunters (aka UNC6040)Type: Individual/Cybercriminal GroupMotivation: ['Financial Gain (Ransom Demand)', 'Data Theft for Resale']Known Aliases: ['UNC6040']
Motivation: Financial GainData Exfiltration for Secondary Exploitation
Title: Kering Group (Gucci, Balenciaga, Brioni, Alexander McQueen) Customer Data Breach via Salesforce Compromise
Description: Hackers breached Kering's Salesforce account in June 2025, stealing 43 million customer records from Gucci and 13 million records from other brands (Balenciaga, Brioni, Alexander McQueen). The attackers allegedly negotiated a $500,000 ransom, which Kering did not pay. The breach was disclosed after the data was exfiltrated, causing potential reputational and operational damage.
Date Detected: 2025-06-01
Type: Data Breach
Attack Vector: Compromised Cloud Account (Salesforce)Credential Theft/Phishing (likely)
Vulnerability Exploited: Weak or Stolen CredentialsInsufficient Multi-Factor Authentication (MFA)Salesforce Misconfiguration
Motivation: Financial Gain (Ransom Demand)Data Theft for Resale
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised employee credentials (Salesforce logins) and Compromised Salesforce Credentials (likely phishing or credential stuffing).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach KER0692106091525
Data Compromised: Customer Records: 7, 4, 0, 0, 0, 0, 0, Details: [, ', E, m, a, i, l, , a, d, d, r, e, s, s, e, s, ', ,, , ', T, o, t, a, l, , S, a, l, e, s, , (, p, u, r, c, h, a, s, e, , h, i, s, t, o, r, y, ), ', ,, , ', C, u, s, t, o, m, e, r, , s, p, e, n, d, i, n, g, , p, a, t, t, e, r, n, s, ', ],
Systems Affected: Internal Salesforce softwareCustomer databases
Operational Impact: Temporary unauthorized access; systems later secured
Customer Complaints: Likely (not quantified; customers notified via email)
Brand Reputation Impact: Moderate to High (luxury brand trust erosion, potential secondary scams targeting high-spending customers)
Legal Liabilities: None disclosed (company claims compliance with notification requirements)
Identity Theft Risk: Low (no government-issued IDs or financial data stolen, but high-spending customers at risk of targeted scams)
Payment Information Risk: None (no credit card or bank details compromised)
Incident : Data Breach KER3565635100325
Financial Loss: $500,000 (ransom demanded, unpaid) + potential regulatory fines and remediation costs
Data Compromised: 56 million customer records (43M Gucci, 13M other brands)
Systems Affected: Salesforce CRMCustomer Databases
Operational Impact: Customer trust erosionPotential legal and compliance violations (e.g., GDPR)
Customer Complaints: Likely (not quantified)
Brand Reputation Impact: High (luxury brands targeted, public disclosure of breach)
Legal Liabilities: Potential GDPR fines (up to 4% of global revenue)Class-action lawsuits from affected customers
Identity Theft Risk: High (customer PII exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $250.00 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data (Emails), Transaction Data (Total Sales), Customer Profiles, , Personally Identifiable Information (Pii), Customer Profiles, Purchase Histories (Likely) and .
Which entities were affected by each incident ?
Incident : Data Breach KER0692106091525
Entity Name: Kering
Entity Type: Conglomerate
Industry: Luxury Goods
Location: France
Size: Large (multinational, owns brands like Gucci, Saint Laurent, Bottega Veneta)
Customers Affected: 7400000
Incident : Data Breach KER3565635100325
Entity Name: Kering Group
Entity Type: Conglomerate
Industry: Luxury Fashion
Location: France (HQ)
Size: Large (Global, ~40,000 employees)
Customers Affected: 56 million
Incident : Data Breach KER3565635100325
Entity Name: Gucci
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: 43 million
Incident : Data Breach KER3565635100325
Entity Name: Balenciaga
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: Part of 13 million
Incident : Data Breach KER3565635100325
Entity Name: Brioni
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: Part of 13 million
Incident : Data Breach KER3565635100325
Entity Name: Alexander McQueen
Entity Type: Subsidiary
Industry: Luxury Fashion
Location: Global
Customers Affected: Part of 13 million
Incident : Data Breach KER3565635100325
Entity Name: Salesforce
Entity Type: Third-Party Vendor
Industry: Cloud CRM
Location: USA (HQ)
Size: Large
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach KER0692106091525
Incident Response Plan Activated: Yes (systems secured post-breach)
Law Enforcement Notified: Implied (followed advice not to pay ransom)
Containment Measures: Secured IT systemsRevoked unauthorized access
Communication Strategy: External: Emailed affected customers (no public statement), Transparency Level: Low (no details on number of victims or public disclosure).
Incident : Data Breach KER3565635100325
Incident Response Plan Activated: Likely (not confirmed)
Third Party Assistance: Cybersecurity Forensics (Assumed), Legal Counsel (Assumed).
Containment Measures: Salesforce Account Lockdown (assumed)Password ResetsSession Termination
Remediation Measures: Customer Notification (pending)Credit Monitoring (likely)Salesforce Security Review
Communication Strategy: Internal (confirmed)Public Disclosure (pending)
Enhanced Monitoring: Likely (assumed)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (systems secured post-breach), Likely (not confirmed).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Cybersecurity Forensics (assumed), Legal Counsel (assumed), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach KER0692106091525
Type of Data Compromised: Personal data (emails), Transaction data (total sales), Customer profiles
Number of Records Exposed: 7400000
Sensitivity of Data: Moderate (no financial/PII like SSNs, but spending habits reveal high-value targets)
Data Exfiltration: Confirmed (sample shared with BBC as proof)
File Types Exposed: Customer databasesSales records
Personally Identifiable Information: Partial (emails only; no government IDs or financial data)
Incident : Data Breach KER3565635100325
Type of Data Compromised: Personally identifiable information (pii), Customer profiles, Purchase histories (likely)
Number of Records Exposed: 56 million
Sensitivity of Data: High (luxury customer data, potential financial details)
Data Exfiltration: Confirmed (56M records stolen)
File Types Exposed: Database DumpsCSV/Excel (likely)
Personally Identifiable Information: NamesEmail AddressesPhone NumbersPhysical Addresses (likely)Payment Preferences (possible)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Customer Notification (pending), Credit Monitoring (likely), Salesforce Security Review, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured it systems, revoked unauthorized access, , salesforce account lockdown (assumed), password resets, session termination and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach KER0692106091525
Ransom Demanded: Yes (amount undisclosed, demanded in Bitcoin)
Ransom Paid: No (company refused per law enforcement advice)
Data Encryption: No (data exfiltrated but not encrypted)
Data Exfiltration: Yes
Incident : Data Breach KER3565635100325
Ransom Demanded: $500,000
Ransom Paid: No
Data Encryption: No (data exfiltration only)
Data Exfiltration: Yes (56M records)
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach KER0692106091525
Regulatory Notifications: Customers notified via email (no public disclosure required per legal obligations)
Incident : Data Breach KER3565635100325
Regulations Violated: GDPR (EU), CCPA (California, if applicable), French Data Protection Laws,
Legal Actions: Potential class-action lawsuits, Regulatory investigations (e.g., CNIL in France),
Regulatory Notifications: CNIL (France, likely)Other EU DPAs (if EU customers affected)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Potential class-action lawsuits, Regulatory investigations (e.g., CNIL in France), .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach KER3565635100325
Lessons Learned: Third-party risk management failures (Salesforce compromise), Inadequate MFA or credential protection for critical cloud accounts, Delayed public disclosure increases reputational risk, Luxury brands are high-value targets for data theft and extortion
What recommendations were made to prevent future incidents ?
Incident : Data Breach KER3565635100325
Recommendations: Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firmsImplement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Conduct third-party security audits for vendors handling customer data, Establish a transparent breach disclosure timeline to maintain customer trust, Enhance monitoring for unusual data access patterns in cloud environments, Develop a pre-negotiated incident response plan with cybersecurity firms
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Third-party risk management failures (Salesforce compromise),Inadequate MFA or credential protection for critical cloud accounts,Delayed public disclosure increases reputational risk,Luxury brands are high-value targets for data theft and extortion.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Establish a transparent breach disclosure timeline to maintain customer trust, Develop a pre-negotiated incident response plan with cybersecurity firms, Enhance monitoring for unusual data access patterns in cloud environments and Conduct third-party security audits for vendors handling customer data.
References
Where can I find more information about each incident ?
Incident : Data Breach KER0692106091525
Source: BBC News
Incident : Data Breach KER0692106091525
Source: Google Threat Analysis Group (UNC6040 warning)
Incident : Data Breach KER3565635100325
Source: DataBreaches.net
URL: https://www.databreaches.net
Date Accessed: 2025-09-16
Incident : Data Breach KER3565635100325
Source: Risky Business Newsletter
URL: https://risky.biz
Date Accessed: 2025-09-16
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BBC News, and Source: Google Threat Analysis Group (UNC6040 warning), and Source: DataBreaches.netUrl: https://www.databreaches.netDate Accessed: 2025-09-16, and Source: Risky Business NewsletterUrl: https://risky.bizDate Accessed: 2025-09-16.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach KER0692106091525
Investigation Status: Ongoing (company claims systems secured; no further updates)
Incident : Data Breach KER3565635100325
Investigation Status: Ongoing (no official resolution announced)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Internal (Confirmed) and Public Disclosure (Pending).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach KER0692106091525
Stakeholder Advisories: None (no public statements)
Customer Advisories: Emailed notifications to affected individuals
Incident : Data Breach KER3565635100325
Customer Advisories: Pending (likely to include credit monitoring offers)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were None (no public statements), Emailed notifications to affected individuals and Pending (likely to include credit monitoring offers).
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach KER0692106091525
Entry Point: Compromised employee credentials (Salesforce logins)
Reconnaissance Period: Unknown (breach detected in June, occurred in April)
High Value Targets: Customer data (especially high-spending individuals)
Data Sold on Dark Web: Customer data (especially high-spending individuals)
Incident : Data Breach KER3565635100325
Entry Point: Compromised Salesforce Credentials (Likely Phishing Or Credential Stuffing),
High Value Targets: Customer Databases, Loyalty Program Data (Likely),
Data Sold on Dark Web: Customer Databases, Loyalty Program Data (Likely),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach KER0692106091525
Root Causes: Social Engineering (Phished Credentials), Insufficient Multi-Factor Authentication (Mfa) On Salesforce, Lack Of Early Detection (Breach Undetected For ~2 Months),
Incident : Data Breach KER3565635100325
Root Causes: Weak Authentication For Salesforce Admin Accounts, Lack Of Continuous Monitoring For Anomalous Data Access, Insufficient Segmentation Between Kering Subsidiaries' Data In Salesforce, Delayed Detection (Breach Occurred In June, Disclosed Later),
Corrective Actions: Mandatory Mfa For All Salesforce Users, Real-Time Alerting For Bulk Data Exports, Isolation Of Subsidiary Data Within Salesforce, Employee Training On Phishing And Credential Hygiene,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cybersecurity Forensics (Assumed), Legal Counsel (Assumed), , Likely (assumed).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Mandatory Mfa For All Salesforce Users, Real-Time Alerting For Bulk Data Exports, Isolation Of Subsidiary Data Within Salesforce, Employee Training On Phishing And Credential Hygiene, .
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Yes (amount undisclosed, demanded in Bitcoin).
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Name: Shiny Hunters (aka UNC6040)Type: Individual/Cybercriminal GroupMotivation: ['Financial Gain (Ransom Demand)' and 'Data Theft for Resale']Known Aliases: ['UNC6040'].
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-06.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $500,000 (ransom demanded, unpaid) + potential regulatory fines and remediation costs.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer Records: 7400000, Details: ['Email addresses', 'Total Sales (purchase history)', 'Customer spending patterns'], , Customer Records: 7400000, Details: ['Email addresses', 'Total Sales (purchase history)', 'Customer spending patterns'], , 56 million customer records (43M Gucci and 13M other brands).
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal Salesforce softwareCustomer databases and Salesforce CRMCustomer Databases.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cybersecurity forensics (assumed), legal counsel (assumed), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Secured IT systemsRevoked unauthorized access and Salesforce Account Lockdown (assumed)Password ResetsSession Termination.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 56 million customer records (43M Gucci and 13M other brands).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 56.0M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $500,000.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Potential class-action lawsuits, Regulatory investigations (e.g., CNIL in France), .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Luxury brands are high-value targets for data theft and extortion.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement strict MFA for all cloud accounts (especially CRM systems like Salesforce), Establish a transparent breach disclosure timeline to maintain customer trust, Develop a pre-negotiated incident response plan with cybersecurity firms, Enhance monitoring for unusual data access patterns in cloud environments and Conduct third-party security audits for vendors handling customer data.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are BBC News, DataBreaches.net, Risky Business Newsletter and Google Threat Analysis Group (UNC6040 warning).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.databreaches.net, https://risky.biz .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (company claims systems secured; no further updates).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was None (no public statements), .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Emailed notifications to affected individuals and Pending (likely to include credit monitoring offers).
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised employee credentials (Salesforce logins).
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Unknown (breach detected in June, occurred in April).
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Social engineering (phished credentials)Insufficient multi-factor authentication (MFA) on SalesforceLack of early detection (breach undetected for ~2 months), Weak authentication for Salesforce admin accountsLack of continuous monitoring for anomalous data accessInsufficient segmentation between Kering subsidiaries' data in SalesforceDelayed detection (breach occurred in June, disclosed later).
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Mandatory MFA for all Salesforce usersReal-time alerting for bulk data exportsIsolation of subsidiary data within SalesforceEmployee training on phishing and credential hygiene.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=kering' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
