
Kering, the parent of luxury fashion brands Gucci, Balenciaga, McQueen, and others, confirmed on Monday that it was the victim of a massive breach, now claimed by the notorious Shiny Hunters hacker gang along with 7.4 million files of stolen customer data.
The French family-led luxury group allegedly suffered the data breach back in April, according to the threat actors known as Shiny Hunters (UN3944) – who reportedly claimed responsibility for the attack on its “ransom negotiations chat.”
That’s according to the blogsite DataBreaches.Net, which first broke the story last Thursday – even before the luxury company seemingly was forced to finally admit to the hack.
A Kering spokesperson confirmed the incident with the BBC on Monday, stating, “In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses.”
Ade Clewlow MBE, Senior Advisor at cybersecurity consulting firm NCC Group, says the attack on Kering is just another demonstration of "the target on retailers’ backs."
“Although the data breach took place in April 2025, around the time of the M&S hack, it has only become public knowledge months later, thanks to the hackers publicizing their work,” Clewlow points out.
“This drives home the fact that a ransomware attack isn’t just a momentary disruption – it can be a battle that takes months and drains time, resources, and resilience,” he says.
Customer data at risk
Besides Gucci, Balenciaga, and Alexander McQueen, the global luxury goods holding company houses close to a dozen high-end brands, including Saint Laurent, Bottega Veneta, Brioni, Boucheron, Pomellato, DoDo, Qeelin, Ginori 1735, Kering Eyewear, and Kering Beauté.
Headquartered in Paris, the company website shows Kering’s annual revenue in 2024 was €17.2 billion.
In its statement, Kering says, “No financial information - such as bank account numbers, credit card information, or government-issued identification numbers - was involved in the incident.”
The data is said to be limited to names, addresses, phone numbers, email addresses, and the total amount customers spent in the luxury stores worldwide, reports the BBC, which says it has also spoken with Shiny Hunters.
Clewlow says the possible leak of private information and spending data exposes “high-net-worth individuals to significant risk.”
He warns that Kering’s fashion house customers must be “hyper-vigilant to phishing attempts seeking personal information, online credentials, or payment of any kind.”
Kering vs. Shiny Hunters
ShinyHunters appears to have reached out to Balenciaga in early June, according to negotiations transcripts seen by DataBreaches, claiming it had possession of 7.4 million unique email addresses.
Purportedly, the hackers told the blogsite that Balenciaga had agreed to a $750,000 ransom demand, but then reneged on the deal.
DataBreaches writes, “When Balenciaga did not follow through on their promises to pay after more than two months negotiations, ShinyHunters shared sample data and the full negotiation chat log” with the blogsite.
Kering has denied that it ever engaged or negotiated with the infamous cybercriminal cartel, in line with instructions from authorities. Cybernews has reached out to Kering and is awaiting a response.
The BBC says some of the files from a "small sample" shared by Shiny Hunters include what appears to be a "genuine" copy of the stolen emails, as well as the "Total Sales" for how much each customer spent at each of the fashion house stores.
Some customers are shown "to have spent more than $10,000, and a handful spending $30,000-$86,000," the news outlet said.
Clewlow believes Kering’s alleged refusal to pay is a positive sign.
“We would never advise paying a ransom,” the senior consultant explains. “It essentially funds organized crime, and there is no guarantee that the criminals would hold up their side of the deal, whether that is deleting data or giving it back.”
Still, Clewlow says that, "unfortunately, this is the difficult situation many businesses find themselves in when they fail to invest in preventative measures."
Luxury is the new target
Shiny Hunters has been linked to the recent Salesloft Drift/Salesforce hacking campaign, which hit more than 700 companies worldwide this summer, according to Google threat researchers.
The group is now suspected of having help from the high-profile M&S hackers, Scattered Spider (UNC6040), a ransomware gang known for its sophisticated social engineering tactics targeting victims' employees, pretending to be IT help desk workers.
Kering has not revealed the methods used by the cyberattackers to successfully infiltrate its networks, or whether the company utilizes Salesforce CRM software.
The luxury goods company did say it has since secured its IT systems, “disclosed the incident to relevant data protection authorities,” and has sent emails to the undisclosed number of affected customers.
Since April, multiple luxury brands – including French houses Louis Vuitton and Dior, part of the LVMH group, Chanel, and the Danish jewelry-maker Pandora – have also been targeted by ransomware in what have become highly-publicized attacks designed, not only for financial gain, but to tarnish those brands' reputations.
All the aforementioned luxury companies were believed to have been compromised via Salesforce instances.
Distinguished automaker, the UK-based Jaguar Land Rover, also suffered a devastating attack last month, which has since been claimed by Shiny Hunters and its ransomware cohorts Scattered Spider and the LAPSUS$ group.