Luxury fashion conglomerate Kering, owner of brands including Gucci, Balenciaga and Alexander McQueen, has confirmed that hackers have stolen personal data belonging to potentially millions of its customers.
The Paris-based group said the breach occurred in June and involved the theft of names, phone numbers and email addresses. No financial details, such as bank account numbers, credit card information or government-issued identification were taken.
The cyber-attack has been attributed to the ransom-seeking group Shiny Hunters. In a statement issued on Monday, Kering said: “In June 2025, we identified that an unauthorised third party gained temporary access to our systems and accessed limited customer data from some of our houses. Our houses immediately disclosed the breach to the relevant authorities and notified customers according to local regulations.”
The company added that the breach had been “promptly identified” and that measures had been taken to secure affected systems and prevent future incidents. It did not specify which brands were impacted.
According to the website DataBreaches.net, Shiny Hunters last month posted samples of the stolen data on Telegram, including names, email addresses and dates of birth of Gucci customers. The BBC, which first reported Kering’s confirmation of the breach, said some leaked records revealed individual spending in stores of up to $86,000 (£63,000). Shiny Hunters told the broadcaster it had infiltrated the brands in April.
The incident follows a series of high-profile cyber-attacks on luxury and retail businesses. In July, Louis Vuitton disclosed that it too had been targeted by hackers who accessed customer data. British companies including Marks & Spencer, the Co-op and Harrods have also suffered significant breaches in recent months.
The wave of attacks has not been confined to the retail sector. Jaguar Land Rover’s UK production remains halted for a third consecutive week after a cyber-attack forced the carmaker to shut down its computer systems.
