Hackers steal millions of Gucci and Balenciaga customer records in data breach
Cyber criminals have stolen the personal details of millions of customers of luxury fashion houses Gucci, Balenciaga and Alexander McQueen, parent company Kering has confirmed.
The breach, carried out in April, exposed names, email addresses, phone numbers, physical addresses and details of the total amounts spent in stores worldwide. While no financial information such as bank account numbers or credit card details was taken, analysts warn that the data could leave high-spending customers vulnerable to scams.
A hacker known as Shiny Hunters has claimed responsibility for the attack, telling the BBC they accessed Kering’s systems and had been in on-and-off ransom negotiations with the French group. Kering has denied any discussions, insisting it refused to pay.
“In June, we identified that an unauthorised third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information—such as bank account numbers, credit card information, or government-issued identification numbers—was involved in the incident,” a spokesperson for Kering said. The company added that its systems have since been secured and that relevant data protection authorities have been informed.
The hacker claims to hold 7.4 million unique email addresses, suggesting a similar number of victims. A sample of the data shared with the BBC contained thousands of genuine customer records, some showing spending in excess of $80,000. Cybersecurity experts warn that such information could make individuals prime targets for further attacks.
Kering has contacted affected customers directly by email but has not disclosed the exact number of people impacted. Legally, the firm is not required to issue a public statement as long as it has notified individuals privately.
The incident comes amid a series of attacks on luxury brands. Cartier and Louis Vuitton were also targeted earlier this year, although it is unclear whether those breaches are connected to Shiny Hunters. Google has previously linked the group, also known as UNC6040, to a wave of cyberattacks that trick employees into handing over Salesforce login details.
Experts have urged potential victims to take immediate steps such as changing passwords, enabling two-factor authentication and remaining alert to scam emails and calls. The UK’s National Cyber Security Centre has advised that scammers often attempt to create urgency, pressuring individuals to act quickly, and warned people never to reuse passwords across accounts.
