ShinyHunters has reportedly breached Kering’s systems, compromising customer data from luxury brands including Gucci, Balenciaga, and Alexander McQueen, thereby increasing the risk of scams and spear-phishing attacks.
In a recent cyber incident, sensitive customer information from prominent fashion labels such as Gucci, Balenciaga, and Alexander McQueen has been compromised. The hacker group involved, known as ShinyHunters, targeted Kering, the Paris-based parent company overseeing these luxury fashion houses.
The breach reportedly occurred in April 2025, but Kering only became aware of it in June 2025. The company has acknowledged the incident, informing relevant data protection authorities and affected customers through email notifications.
In a statement, Kering confirmed that “an unauthorized third party gained temporary access to our systems and acquired limited customer data from some of our Houses.” While the breach included personal details such as names, email addresses, phone numbers, and physical addresses, Kering emphasized that financial information, including credit card numbers, remains secure. The company has not disclosed the method of the breach but asserts that its IT systems have since been fortified.
ShinyHunters claims to have obtained approximately 7.4 million unique email addresses. A subset of the stolen data, which has been reviewed, reportedly indicates the spending habits of customers, with some individuals having spent over $10,000, and a few reaching amounts as high as $86,000. This type of financial information poses significant risks, potentially making these high-value customers targets for future scams and phishing attacks.
Negotiations and Denials
According to reports, ShinyHunters contacted Balenciaga in early June, claiming that the brand had agreed to a ransom payment of $750,000 in Bitcoin, with an initial transaction made before the deal fell through. However, Kering has publicly denied engaging in any negotiations or making ransom payments, adhering to guidance from law enforcement.
This incident highlights a growing trend, as other luxury brands such as Cartier and Louis Vuitton have reportedly faced similar breaches around the same timeframe. ShinyHunters is suspected of collaborating with another group, Scattered Spider, known for employing social engineering tactics to extract login information from employees.
This tactic was also evident in a recent campaign impacting Salesforce, affecting over 700 companies globally. Cybersecurity experts from Google have tied Scattered Spider to a series of sophisticated hacking campaigns leveraging the Salesforce platform.
Customers of the affected brands are advised to exercise increased caution, as the stolen information could facilitate sophisticated scams through mimicked communications that appear credible.
Expert Insights
In comments made by cybersecurity experts, the primary threat following such breaches is often spear phishing. This fraudulent practice uses stolen data to create convincing email or messaging scenarios. Scammers might impersonate legitimate brands, such as Gucci, soliciting urgent updates on credit card information under the guise of security needs. Given access to real purchase histories, these communications can seem trustworthy, enhancing the likelihood that victims may fall prey to such scams.
