Luxury giants Gucci, Balenciaga, and Alexander McQueen have suffered a data breach that leaked the personal information of millions of customers.
Paris, France-based Kering, which owns the luxury brands, disclosed that an attacker breached its systems and accessed limited customer data in June 2025.
“In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses.”
Gucci, Balenciaga, and Alexander McQueen data breach exposes customer information
The data breach exposed customer names, phone numbers, email addresses, physical addresses, dates of birth, and the total amount each customer spent at Kering-owned stores worldwide.
However, it did not leak customer financial information, such as bank account numbers and credit card details and government IDs such as driver’s license numbers or Social Security Numbers.
“No financial information – such as bank account numbers, credit card information, or government-issued identification numbers – was involved in the incident,” Kering stated.
Nevertheless, exposing customers’ total purchases exposes them to targeted phishing, which could ultimately trick them into disclosing their financial information.
“By the scammer having access to the user’s past history, they can include real details that happened in the past to make potential victims think they are dealing with the legitimate vendor and be more likely to fall for scams,” said Roger Grimes, data-driven defense evangelist at KnowBe4.
According to Brian Higgins, Security Specialist at Comparitech, scammers could also aggregate names, addresses, and overall customer expenditure at the stores to create a “target list for further cyber or indeed real-life criminality.”
Meanwhile, Kering said it has taken the necessary steps to notify relevant authorities and the impacted individuals upon learning of the data breach. The company also took immediate steps to secure the impacted systems to prevent similar incidents in the future.
However, the luxury giant has not disclosed the total number of customers affected, the identity of the threat actor, or whether the attacker had made any ransom demands.
For now, impacted customers should remain vigilant for unexpected and unsolicited communication from individuals purporting to be from Kering-owned brands. They should also change their passwords, enable multi-factor authentication (MFA), and closely monitor their accounts for suspicious activity.
ShinyHunters claims Kering data breach
The notorious hacking group ShinyHunters has claimed responsibility for the Gucci, Balenciaga, and Alexander McQueen data breach.
The group told the BBC that it breached the luxury fashion houses through their parent company, Kering, in April. Data samples shared with the British national broadcaster show customers’ total purchases, with many spending about $10,000, while top buyers spent between $30,000 and $86,000.
ShinyHunters claims to have obtained 7.4 million unique email addresses, which potentially represents the total number of customers affected.
According to databreaches.net, the cybercrime group stole 43 million Gucci data records, and 13 million records from Balenciaga, Brioni, and Alexander McQueen.
The English-speaking gang also alleges that it has been periodically communicating with Kering since early June to negotiate the ransom, a claim that the company has denied. To back up its claim, the group reportedly provided negotiation chat logs suggesting that Kering had agreed to pay 500,000 euros (over $591,000) but never followed through.
However, Kering has ruled out paying the ransom in accordance with the law enforcement advisory discouraging incentivizing cybercrime.
“Organizations being breached via an attack on a shared parent organization has become increasingly common, as the massive wave of companies breached through the attack on Salesforce has shown,” noted Pete Luban, Field CISO at AttackIQ. “Organizations need to shore up their defenses through AI-backed security platforms that can keep up with evolving threat actors. Additionally, emulating the attacks of popular ransomware groups like Scattered Spider or ShinyHunters can help security teams identify gaps in their platforms and close them before an attacker can exploit them.”
ShinyHunters was credited for breaching over a dozen high-profile organizations via Salesforce cloud-based CRM systems through voice phishing. The vishing campaign has so far affected LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co., French Luxury giant Chanel, German fashion giant Adidas, and the Danish jewelry maker Pandora.
“This is a rather alarming step in a growing trend of attacks on high-value retail brands. Aside from all of the usual advice surrounding digital security measures, the most obvious threat to customers here lies in the value of the stolen data,” added Higgins.
The hacking group, working as part of the Scattered Lapsus$ Hunters collective, also claimed responsibility for the Jaguar Land Rover cyber attack that halted production, sales, and auto parts distribution.

