Kering data breach has exposed how vulnerable even the world’s biggest luxury houses can be to cyberattacks. The French fashion giant, which owns Gucci, Balenciaga, and Saint Laurent, confirmed in June 2025 that hackers gained unauthorized access to its systems. While no bank details, credit card numbers, or government IDs were leaked, attackers managed to collect customer data that included millions of email addresses and spending information. The group behind the attack, known as Shiny Hunters, claims to have stolen records from 7.4 million customers and even demanded ransom in Bitcoin. Kering refused to pay but acknowledged the breach, informed regulators, and began notifying impacted customers.

TL;DR

Kering, parent company of Gucci and Balenciaga, confirmed a June 2025 data breach carried out by Shiny Hunters. The hackers claim to have accessed 7.4 million email addresses and leaked records with customer spending details. Kering stressed that no financial or government ID data was compromised. The company has refused to pay ransom, notified authorities, and is alerting affected customers.

What Happened

The breach was detected in June when Kering’s cybersecurity team found evidence of unauthorized access to its systems. Attackers viewed customer data across several of the group’s luxury brands. Fortunately, the company confirmed that no sensitive financial information—such as credit or debit card details, bank account numbers, or identity documents—was part of the data breach. Still, the exposed data gives attackers valuable insights into Kering’s customers, making the incident significant.

Who Is Behind the Breach

The attack was claimed by Shiny Hunters, a well-known hacking group with a history of high-profile data leaks. They allege they stole 7.4 million unique email addresses from Kering’s global customer database. To support their claims, the group published a sample set of thousands of customer records.

One particularly concerning field in the leaked dataset is “Total Sales”, which shows how much each customer has spent with Kering’s brands. Security experts warn that this detail could allow criminals to identify high-value shoppers and target them with personalized phishing or fraud attempts.

Ransom Demands

Shiny Hunters say they contacted Kering in early June with a demand for ransom, payable in Bitcoin. Kering has confirmed that it did not engage in negotiations and has refused to pay. This aligns with broader industry guidance, as paying ransom often emboldens attackers and does not guarantee data will be deleted.

Kering’s Response

After confirming the breach, Kering took several steps to limit its impact:

• Authorities notified: Relevant regulators and law enforcement were informed.
  
• Customers alerted: Impacted individuals have been contacted.
  
• Security tightened: Additional cybersecurity safeguards were rolled out across systems.
  

The company emphasized that financial integrity was not compromised and reassured customers that investigations are ongoing.

The incident highlights how luxury brands are becoming attractive targets for cybercriminals. Even without credit card numbers, customer databases with email addresses, purchase history, and spending habits are highly valuable. Such details can be exploited for phishing campaigns, identity theft, or resale on dark web markets.

For shoppers, the breach is a reminder to be cautious. Customers of Gucci, Balenciaga, or other Kering brands should remain alert for suspicious emails or messages that may try to impersonate official communications.

To Sum Up

The Kering data breach shows that prestige alone doesn’t shield global brands from cyber risks. Hackers are no longer just chasing credit card data; they are now exploiting customer insights that can be equally dangerous. Kering’s refusal to pay ransom and its quick response were crucial steps, but the incident serves as a warning across industries: cybersecurity must be treated as a core part of protecting both business reputation and customer trust.