In June 2025, Kering, the French luxury conglomerate behind renowned brands such as Gucci, Balenciaga, and Alexander McQueen, identified a significant data breach. An unauthorized entity temporarily accessed Kering’s systems, compromising sensitive customer information. The stolen data encompasses names, email addresses, phone numbers, physical addresses, and the total amounts spent by customers at these luxury brands. Importantly, Kering has assured that financial details, including credit card numbers and bank account information, were not part of the breach.
The hacking group known as ShinyHunters has claimed responsibility for this cyberattack. They allege to have obtained data linked to approximately 7.4 million unique email addresses. This incident is part of a broader trend of cyberattacks targeting luxury retailers. Earlier in 2025, Richemont’s Cartier and several brands under LVMH, including Louis Vuitton, experienced similar breaches. Notably, in July, Hong Kong’s privacy watchdog investigated a data leak affecting about 419,000 Louis Vuitton customers.
Kering has stated that it promptly informed relevant authorities and notified affected customers in accordance with local regulations. However, the company has not specified which countries were impacted by the breach. The company has also emphasized that no financial information, such as credit card or bank account numbers, was stolen during the incident.
Cybersecurity experts warn that the exposure of personal data, even without financial details, poses significant risks. Joseph Rooke, Director of Risk Insights at Recorded Future’s Insikt Group, highlighted that luxury brands are attractive targets for cybercriminals due to their affluent customer base. He emphasized the importance of protecting personal data across all systems, not just financial platforms. Kevin Marriott, Senior Manager of Cyber and Head of SecOps at Immersive, noted the ongoing trend of attacks against high-end retailers and stressed the need for businesses to continuously test their cyber defenses and train employees against cyber threats.
The ShinyHunters group has been linked to multiple high-profile data breaches in recent years. Their tactics often involve exploiting vulnerabilities in third-party platforms and using social engineering techniques to gain unauthorized access to sensitive data. In this instance, they reportedly engaged in ransom negotiations with Kering, demanding payment in Bitcoin. Kering has denied engaging with the group or making any payments, citing law enforcement advice against rewarding hackers.
This incident underscores the growing threat of cyberattacks in the luxury retail sector. As brands continue to digitize their operations and customer interactions, ensuring robust cybersecurity measures becomes increasingly critical. Customers are advised to remain vigilant, monitor their accounts for any suspicious activity, and be cautious of potential phishing attempts that may arise from such data breaches.
