Gucci, Balenciaga & Alexander McQueen Data Ransomed by Hackers in Growing Wave of Fashion Breaches
Key Takeaways
- Source & Scope: According to a BBC report, Shiny Hunters claim to have stolen data tied to 7.4 million unique emails from Gucci, Balenciaga, and Alexander McQueen customers.
- Data Exposed: Names, email addresses, phone numbers, postal addresses, and “Total Sales” amounts were taken; no payment card or government-ID data were reported.
- Elevated Risk: Spending records in the sample show some customers spent $30,000–$86,000, increasing risks of targeted scams and follow-on attacks.
- Company Response: Kering notified data-protection authorities and contacted affected customers, denies ransom negotiations, and says its IT systems have been secured.
- Industry Trend: This adds to a growing list of fashion breaches. Louis Vuitton reported a cross-border incident (including ~143,000 affected in Turkey tied to a third-party provider), and Cartier and North Face were also recently hit.
Deep Dive
Millions of customers of luxury fashion houses Gucci, Balenciaga, and Alexander McQueen may have had their personal details compromised after a cyberattack targeting their parent company, Kering, according to a report from the BBC.
The cybercriminal group calling itself Shiny Hunters claims to have stolen data linked to 7.4 million unique email addresses in a breach that occurred in April. The stolen information reportedly includes names, phone numbers, addresses, email addresses, and records of how much individuals spent at the brands’ stores.
Although Kering confirmed the incident, the company stressed that no financial data such as credit card numbers or government-issued identification was accessed. Still, the leaked files include “Total Sales” information showing spending habits, with some customers recorded as having spent more than $10,000, and in some cases between $30,000 and $86,000. Experts warn such details could make high-spending customers prime targets for follow-on scams or extortion attempts.
Kering said it reported the breach to relevant data protection authorities and contacted affected customers directly, but has not disclosed the total number impacted. Legally, the company is not obligated to issue a public statement so long as it informs those affected individually.
Shiny Hunters told the BBC that they had entered on-and-off ransom negotiations with Kering over a Bitcoin payment, but the French luxury group denies this, saying it followed law enforcement guidance by refusing to engage or pay.
A company spokesperson said, “In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information — such as bank account numbers, credit card information, or government-issued identification numbers — was involved in the incident.”
Kering said it has since secured its IT systems.
A growing list of fashion victims
The incident adds Kering’s brands to a growing list of luxury fashion houses grappling with cyberattacks. Just weeks earlier, Louis Vuitton confirmed a cross-border data breach that exposed customer details in the UK, South Korea, and Turkey. The breach, believed to have originated from a compromised third-party provider, impacted at least 143,000 individuals in Turkey alone and raised concerns about vendor risk management in the sector.
Cartier also disclosed a breach earlier this year, while other fashion and retail brands such as North Face have been targeted in similar attacks. The cluster of incidents highlights a troubling trend of cybercriminals focusing on luxury retailers whose high-value clientele and global digital operations make them attractive targets.
Shiny Hunters, also tracked by Google security researchers under the codename UNC6040, has previously been linked to large-scale attacks on other companies, often through tactics that involve tricking employees into disclosing login credentials for internal systems. Google itself reported falling victim to such a campaign.