Luxury fashion conglomerate Kering has confirmed a significant data breach that exposed customer information from some of its flagship brands, including Gucci, Balenciaga, and Alexander McQueen. While the company did not name the affected labels in its public statement, BBC reports that hackers accessed sensitive personal data linked to millions of clients.
The breach, discovered in June 2025, involved an unauthorised third party gaining temporary access to Kering’s internal systems and extracting data from several of its “Houses.”
Stolen data includes purchase history and personal identifiers
According to the BBC, the hacker group identifying itself as “Shiny Hunters” claims to possess data linked to 7.4 million unique email addresses. The leaked dataset includes names, email addresses, phone numbers, physical addresses, and cumulative purchase amounts made at the luxury stores — information that can be used for profiling or phishing attacks.
Kering clarified that no payment-related data such as credit card or bank details were compromised. However, the breadth of exposed information raises major concerns over privacy, customer targeting, and brand trust in the high-value retail sector.
Luxury retail faces rising cyber risk
This breach adds to a growing list of high-end fashion brands facing cybersecurity incidents. In recent months, Richemont’s Cartier and multiple LVMH brands have reported similar compromises. In July, Hong Kong authorities launched an investigation into a leak involving over 419,000 Louis Vuitton customers.
Analysts suggest that luxury retailers — known for high-net-worth clientele and detailed consumer profiling — have become attractive targets for cybercriminal groups, especially those motivated by data resale or ransomware operations.
Regulatory response and customer notification
Kering stated that it has reported the breach to relevant authorities and notified affected customers in accordance with regional data protection laws. However, it has not disclosed which countries or regions were impacted. The group said it continues to monitor its systems and has reinforced security protocols.
The incident serves as a stark reminder that even brands built on legacy, exclusivity, and aesthetic precision are vulnerable to modern digital threats — and must prioritise cybersecurity alongside customer experience.
