Kering’s Gucci, Balenciaga, and McQueen Hit by ShinyHunters Data Breach Impacting Millions of Customers

Written by: Lore Apostol, Cybersecurity Writer

Kering, the parent company of world-renowned luxury retail brands Gucci, Balenciaga, and Alexander McQueen, has confirmed a data breach. The ransomware group known as ShinyHunters has claimed responsibility for the attack and for exfiltrating the private data of millions of customers.

Details of the Kering Breach

The data breach occurred in April, but details have recently emerged, according to the BBC. Kering has confirmed that an unauthorized third party gained temporary access to its systems and exfiltrated a limited set of customer data.

The attackers, identified as the ShinyHunters ransomware group, claim to have stolen data linked to 7.4 million unique email addresses. ShinyHunters breached the luxury brands in April through Kering, according to messages sent to the BBC over Telegram.

“Thousands of customer details that appear to be genuine” were shared with the BBC in a sample serving as proof. Analysis of a sample of the stolen data revealed that some customers had spent tens of thousands of dollars.

The compromised information includes:

The company has stated that no financial information, such as credit card numbers or bank account details, was compromised in the incident.

ShinyHunters claimed to have contacted the company in early June for negotiations, but Kering denied engaging in any conversations with the gang and stated it has refused to pay the ransom, the report said.

Potential Risks

This specific detail poses a significant secondary risk, as high-spending individuals could become targets for sophisticated phishing campaigns and other scams. Kering has stated that it has notified affected customers via email and reported the incident to relevant data protection authorities.

The incident highlights the critical importance of robust cybersecurity measures for companies that handle sensitive customer data, especially in the luxury sector, where client information is particularly valuable.

ShinyHunters Activity

Since at least October 2024, ShinyHunters (UNC6040) has used voice phishing (vishing) in calls to organizations' help desks, tricking employees into granting access or sharing credentials to Salesforce environments.

A Mandiant investigation determined that Salesforce-related threat actor activity began between March and June 2025, impacting Proofpoint, Google, Tenable, Cisco, Palo Alto Networks, Cloudflare, Air France-KLM Group, Qantas Airlines, Chanel, Louis Vuitton, Dior, Tiffany & Co., and more.

However, Kering did not disclose whether Salesforce was involved. 

