Major Data Breach Hits Luxury Giants Gucci, Balenciaga, McQueen

Hackers steal personal data from 7.4 million customers of Kering-owned brands in a sophisticated cyberattack.

French luxury conglomerate Kering has confirmed a major data breach affecting three of its most prestigious brands—Gucci, Balenciaga, and Alexander McQueen—with cybercriminals successfully stealing personal information from approximately 7.4 million customers worldwide.

The cyberattack, which occurred in April 2025 but was only discovered by the company in June, represents one of the most significant security incidents to impact the luxury retail sector in recent years. The notorious hacking group ShinyHunters has claimed responsibility for the breach.

What Data Was Stolen

The compromised information includes customer names, email addresses, phone numbers, home addresses, and detailed spending records that reveal individual purchase amounts ranging from thousands to over $80,000. Analysis of the stolen data shows some customers have spent more than $10,000 with individual brands, while others have accumulated spending between $30,000 and $86,000.

However, Kering emphasized that no financial information, including credit card details or bank account numbers, was compromised in the breach. The Paris-based company has notified affected customers and relevant data protection authorities across multiple countries, though it declined to specify which regions were impacted.

The ShinyHunters Connection

ShinyHunters, communicating through the encrypted messaging app Telegram, allegedly attempted to extort Kering for ransom payments in Bitcoin. The company denied engaging in any negotiations with the criminals, following law enforcement guidance against paying ransoms.

Chat logs revealed that by June 2025, negotiations were taking place, with reports suggesting Balenciaga had initially agreed to pay a ransom of €750,000 worth of Bitcoin before ultimately refusing.

The hacking group has been particularly active in 2025, launching successful attacks on Google’s Salesforce instance, Qantas, Allianz Life, LVMH subsidiaries, Workday, and numerous other organizations. Their tactics typically involve social engineering attacks, particularly voice phishing campaigns, where attackers impersonate IT support staff to trick employees into providing access to internal systems.

Part of Wider Industry Crisis

The Kering incident is part of a broader wave of cyberattacks targeting luxury brands throughout 2025. Several other premium retailers have suffered similar breaches, including Cartier owner Richemont and LVMH brands like Louis Vuitton, which experienced a separate data leak affecting 419,000 customers.

The FBI issued an alert in September 2025 warning about ongoing campaigns by threat groups targeting Salesforce instances, specifically mentioning ShinyHunters and their collaboration with other hacking collectives like Scattered Spider.

Why Luxury Brands Are Prime Targets

Cybersecurity experts warn that the luxury sector faces unique vulnerabilities that make it an attractive target for cybercriminals. These include:

  • Wealthy customer bases with extensive personal data repositories
  • High-value extortion potential due to brand reputation concerns
  • Complex digital infrastructures with multiple third-party integrations
  • Thin profit margins that historically limited security investments
  • Always-on operations that make companies more likely to pay ransoms to avoid costly downtime

The stolen data from the Kering breach poses particular risks for high-spending customers, as detailed purchase histories could make them targets for secondary scams and sophisticated social engineering attacks.

Kering’s Corporate History

Kering’s transformation from a timber trading company founded by François Pinault in 1962 to one of the world’s largest luxury conglomerates has been marked by strategic acquisitions over several decades. The company’s luxury journey began with the pivotal 1999 acquisition of Gucci for $3 billion, following an intense battle with rival LVMH.

The group subsequently expanded through key acquisitions, including Yves Saint Laurent (1999), Bottega Veneta and Balenciaga (2001), Alexander McQueen (2001), and Brioni (2011). Today, Kering operates as the world’s third-largest luxury conglomerate after LVMH and Richemont, with annual revenues exceeding €20 billion.

Company Response and Next Steps

Kering stated that it immediately secured its IT infrastructure following the discovery of the breach and has been working with external cybersecurity experts and law enforcement agencies. The company emphasized that it has enhanced its security measures to prevent similar incidents in the future.

The breach highlights the growing cybersecurity challenges facing the luxury retail industry, where companies must balance customer experience with robust security measures. As luxury brands continue expanding their digital presence, cybersecurity investments are becoming as crucial as traditional brand protection strategies.

The incident serves as a stark reminder that even the most prestigious brands are vulnerable to sophisticated cyber threats, particularly as hackers increasingly target high-value customer databases for financial gain and extortion purposes.

Sources: Reuters, The Guardian, Times of India, BBC.