A cyberattack has hit three luxury fashion houses under Kering — Balenciaga, Gucci, and Alexander McQueen. The intruders walked away with customer records, affecting shoppers across the globe.
The hacker behind this security incident calls themselves Shiny Hunters. They claim to hold data tied to about 7.4 million email addresses.
The stolen data set also contained names, phone numbers, home addresses, and even the total amount each person spent at these stores. Some of the highest-spending customers were shown to have spent between $30,000 and $86,000.
The parent company of these brands, Kering, confirmed the breach. The French luxury group said the attacker gained temporary access to its systems earlier this year.
What Data Was Taken
Kering said the stolen information did not include bank details or credit card numbers. No government ID numbers were exposed either.
But the other details are still sensitive. Names, phone numbers, and past purchases may not seem as sensitive as bank details, but in the wrong hands they’re still dangerous. Crooks often use such info to make scams more convincing.
One risk here is that high spenders could be singled out. If scammers know someone dropped $30,000 at a boutique, they could tailor their approach — maybe pretending to be the brand, a bank, or even the police — to trick the victim into handing over more.
The “Total Sales” field in the leaked data is one of the most concerning details. It shows exactly how much each customer has spent. That creates a ready-made list of wealthy targets for fraud.
How the Breach Happened
Shiny Hunters told the BBC they hacked into Kering’s systems in April 2025. The hacker claimed they contacted the company in June and demanded a ransom payment in Bitcoin.
Kering, however, denied any negotiations took place. The company said it has refused to pay, following the standard advice given by law enforcement. Paying ransoms is discouraged because it encourages more attacks and there’s no guarantee criminals will delete the data.
The firm said:
“In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information was involved in the incident.”
Kering says it has since tightened its IT security and reported the matter to regulators, as required under data protection laws.
Why Kering Didn’t Go Public Immediately
Unlike some companies, Kering has not made a large public statement or press release about the breach. Legally, it doesn’t have to.
As per European data protection laws, companies must notify people directly if their data has been stolen. But they are not required to publish the breach to the wider public, as long as they contact each victim.
So far, Kering has not disclosed how many customers were affected. The figure of 7.4 million email addresses comes from the hacker’s claims, not from the company itself.
Proof of the Breach
To prove they had the data, Shiny Hunters shared a small sample with the BBC. The sample contained thousands of customer records, which appeared genuine when checked.
The BBC deleted the files after analysis, but the evidence suggests the hacker’s claims are real.
This group has a long track record of stealing and selling corporate data. Shiny Hunters has previously been linked to leaks from major tech companies and online platforms.
A Wave of Luxury Brand Attacks
This is not the only breach to hit luxury brands in recent months. Around the same time, both Cartier and Louis Vuitton confirmed their own data incidents.
It is not clear whether those cases are linked to Shiny Hunters. But they show a pattern: high-end fashion and retail companies are becoming attractive targets for cyber criminals.
Luxury brands hold valuable information about wealthy customers. For attackers, that data is worth a lot more than a list of ordinary email addresses.
Who Are Shiny Hunters?
Shiny Hunters has been around for years and is familiar to researchers. Google’s security team, for instance, tracks the same crew under the label UNC6040.
They are known for using social engineering to steal employee credentials. In several cases, they tricked staff into handing over login details for internal systems, such as Salesforce.
Google itself has been a victim. Earlier this year, the company warned about Shiny Hunters’ tactics and confirmed that it had been targeted.
The group usually tries to sell stolen data on criminal forums. Sometimes it leaks samples as proof, as in this case.
No Easy Fix
Luxury companies like Kering face a hard problem. Their customer bases are attractive targets. They also operate global online stores, loyalty programs, and IT systems that process millions of records.
Attackers only need to find one weak point to get in. And once data is stolen, it cannot be “un-stolen.” Even if hackers are arrested, the files may already have been copied or sold.
That means prevention is the only real defense. Stronger access controls, better employee training, and quick detection are essential.
The Current Situation
Kering says its systems are now secure, but the incident shows how vulnerable even the biggest companies are. The luxury market is built on exclusivity and trust. When data is leaked, that trust is damaged.
The coming months will show whether Shiny Hunters decides to release the full database. If the group puts the data up for sale, millions of customers could see their details spread across the criminal underground.
For now, customers should assume that if they have shopped at Balenciaga, Gucci, or Alexander McQueen in recent years, their information might be at risk.
