Luxury fashion brands Gucci, Alexander McQueen and Balenciaga have suffered a customer data breach, in another attack linked to the ShinyHunters gang.
The impacted data reportedly includes details of how much money individual customers have spent with the brands. ShinyHunters has claimed to have harvested data relating to 7.4 million unique email addresses.
This according to a sample of files it ShinyHunters claimed to have exfiltrated which was shared with the BBC.
This sample contained thousands of customer details, “which appear to be genuine.”
ShinyHunters told the BBC it had breached the luxury brands through Kering in April and contacted the firm in June to negotiate over a ransom payment.
The cyber-attack was confirmed by Kering, the French-based holding company for all three brands.
In a statement to the BBC, Kering revealed that the incident took place in June, when an unauthorized third party gained temporary access to its system and accessed limited customer data from its brands.
“No financial information – such as bank account numbers, credit card information, or government-issued identification numbers – was involved in the incident,” the company added.
Kering denied it had engaged in any conversations with the perpetrators, the BBC report stated.
Customers at Risk of Follow-on Attacks
Commenting on the incident, Joseph Rooke, director of risk insights at Recorded Future’s Insikt Group, said that the latest breach affecting Gucci, Balenciaga and Alexander McQueen underlines the risks luxury brands face as prominent targets for cybercrime.
“Attackers are drawn to these companies not only because of the global recognition of their brands, but also because their customer bases include high-net-worth individuals whose personal details can be especially valuable,” he noted.
Rooke also warned that the exposure of customer spending data could increase the risk of follow-on fraud, particularly if the information is sold on the dark web to other criminal actors.
The attack on Kering follows a number of incidents affecting high-profile fashion brands in recent months, including Dior, Adidas, Louis Vuitton, Cartier, Chanel, Pandora and Victoria’s Secret.
Read now: Retail Ransomware Attacks Jump 58% Globally in Q2 2025
These incidents have been linked to the ShinyHunters hacking group, which has reportedly compromised Salesforce customer instances using vishing techniques.
A Trend Micro threat researcher noted that the latest reported attack on Kering seems to have occurred before the initial public disclosure that corporate Salesforce instances had been targeted back in June, which was provided by Google.
“The fact that they’re only now announcing the Kering breach could signal that more victims are still having their data processed by the group behind the scenes,” they warned.
Infosecurity has reached out to Kering for comment but has not received a response at the time of writing.
Image credit: Zigres / Shutterstock.com
