French luxury holding Kering, which owns the brands Gucci, Balenciaga, and Alexander McQueen, has confirmed a cyberattack that resulted in the theft of customer personal data. The incident occurred in the spring of 2025, but it became publicly known only after a BBC report, which obtained information directly from the perpetrators.
According to the company, unauthorized access to its systems was detected in June. The hackers obtained a limited set of customer data, including names, email addresses, phone numbers, and amounts spent in the brands’ stores. Kering emphasized that no financial information (such as bank card data, account numbers, or identification documents) was stolen.
The attack was carried out by the hacker group ShinyHunters, known for a series of cybercrimes against major companies. The group claimed to have stolen information linked to 7.4 million unique email addresses and provided the BBC with a sample of the stolen files. Analysis showed that some customers had spent tens of thousands of dollars on brand products, with individual cases reaching as high as $86,000. Experts warn that the publication of such data may create additional risks for wealthy clients, including targeted fraudulent attacks.
ShinyHunters claim they gained access to the systems back in April and approached Kering in June with a ransom demand in Bitcoin. They said the negotiations were intermittent, but that the company allegedly engaged in dialogue. Kering denied these claims, stating that no negotiations took place and that paying a ransom is impossible in accordance with law enforcement recommendations.
Kering has notified regulators and affected customers, and also announced that it has strengthened IT system protections. The incident coincided with a series of attacks on other luxury brands, including Cartier and Louis Vuitton, which also faced data leaks. It remains unclear whether these cases are connected.
In June, Google cybersecurity specialists warned of an increase in attacks linked to ShinyHunters, which also targeted the tech giant itself. Within Google, the group is known under the codename UNC6040: the hackers stole data by tricking employees and gaining access to internal Salesforce software.
Experts advise brand clients to exercise particular caution: not to open suspicious emails and messages, to use unique passwords, enable two-factor authentication, and, in case of doubt, to contact banks or other institutions directly through official channels.
Share this with your friends!
10
Be the first to comment
Please log in to comment