The luxury group Kering has confirmed it fell victim to a cyberattack that granted unauthorized access to customer data. The incident, detected in June 2025, affected several of its maisons, including Gucci, Balenciaga, and Alexander McQueen. The BBC disclosed the incident on September 15.
The attack has been attributed to the hacker group ShinyHunters, which says it has stolen data linked to 7.4 million email addresses. The stolen data include names, email addresses, phone numbers, postal addresses, and the total amounts spent in-store.
Kering noted that no financial information — such as credit card numbers — was compromised during this intrusion.
According to BBC reports, the hackers stole the information in late 2024 but only began negotiating a ransom in June 2025. Data relating to customers of Balenciaga, Brioni, and Alexander McQueen were reportedly obtained later: April 23, 2025.
Kering stressed that the impact is limited and said it is following applicable regulatory procedures, informing the authorities and notifying affected customers in accordance with local laws. But the group has not disclosed a financial assessment of the incident.
This attack comes amid a growing wave of cybersecurity incidents targeting the luxury and retail sector. Cartier (Richemont) and several Louis Vuitton brands from LVMH have already been affected by data breaches. A leak involving around 419,000 Louis Vuitton customers was reported in July.
Related topics
See all Cybersecurity articles
{ Expert Column } – Cybersecurity: why sovereignty is now an urgent priority
By
Xavier Duros *
5 min.
Project Zero changes its vulnerability disclosure policy
By
Clément Bohic
Salesloft vulnerability: support tickets exposed… and more
By
Clément Bohic
NIST standardizes “light” cryptography for IoT
By
The Editorial Team
{ Expert Column } – Vibe coding: good or bad vibe?
By
Martyn Ditchburn *
