Kering, the France-based parent of luxury brands such as Alexander McQueen, Balenciaga and Gucci, has admitted that customers’ personal data has been compromised following an apparent ransomware attack linked to Shinyhunters, which hacked the group through a wide range of different sales force instances.
The data that was purged is believed to contain personal information, including names and contact details, as well as information about customers’ spending history. The firm said no financial or credit card data was affected.
A spokesperson for the organization told the BBC that the compromise was discovered in June. They said: “An unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our homes. The incident did not involve financial information… or government-issued identification numbers.”
The BBC also reported that Kering said it had refused to pay the ransom. However, through a Telegram chat with a purported Shinyhunters representative claiming responsibility for the attack, the broadcaster also learned that talks had apparently taken place. Shinyhunters apparently breached Kering’s security in April.
Kevin Marriott, head of cybercrime and security operations at Enviro , said the apparent delay likely indicates some form of negotiation to suppress the leak has indeed taken place — or perhaps that the data has now been sold and is being used.
Nevertheless, he said the latest attacks continue a trend of incidents affecting luxury brands also targeting Kering’s rival LVMH.
“What makes this particular breach so concerning is that not only emails, phone numbers and addresses, but also data related to customer spending can be used to prioritize affected customers as targets in future attacks using targeted social engineering attacks or identity fraud,” Marriott said.
“The latest breach affecting Gucci, Balenciaga and Alexander McQueen highlights the risks luxury brands face as prominent targets of cybercrime,” added Joseph Rock, Director of Risk Insights at the Future Insights Group in the area.
“Attackers are attracted to these companies not only because of their globally recognized brands, but also because their customer bases include high-net-worth individuals whose personal information may be particularly valuable.”
Story control
The Shinyhunters’ use of high-profile national broadcasters to spread their message as widely as possible has been a hallmark of the extensive cyberattack campaign that the gang, and its associated “operations” such as the Scattered Spider, have been carrying out in 2025.
Speaking to MPs in July, Marks & Spencer chairman Archie Norman described the “extraordinary experience” of learning new developments in the widespread spider attack on the retailer from the BBC, where journalists have been in contact with several hackers.
Lee Sult, lead investigator at Binalyze , said that in too many cases, victims lost control of the narrative and allowed their attackers to inflict more harm by going public.
“If attackers control the narrative, they can further damage the reputation of their targets and potentially spread misinformation,” Sult said.
“Starting it up front and owning the story means organizations can refute false claims with confidence. But for that to happen, an investigation can’t be something that happens after the dust has settled.
“Instead, it should be completed in hours, not days, bringing light to the unclear areas so that attackers have less room to construct narratives,” he said.
