Gucci, Balenciaga and McQueen hit by massive Kering data breach

Edited by: Top Class Actions | October 1, 2025

Category: Data Breach

(Photo Credit: T. Schneider/Shutterstock)

Kering data breach overview:

Who: Kering, the parent company of Gucci, Balenciaga and Alexander McQueen, was hit by a cyberattack affecting potentially millions of customers.
Why: The data breach exposed personal details, such as names, email addresses and phone numbers, but no financial data was compromised, Kering says.
Where: The breach impacts luxury brand consumers globally.

Kering has confirmed a significant data breach affecting its luxury brands, including Gucci, Balenciaga and Alexander McQueen.

According to Kering, the breach was identified in June 2025, when an unauthorized party gained temporary access to the company’s systems.

The stolen data includes names, email addresses, phone numbers and addresses, but crucially, no financial information, such as credit card numbers or bank details, was accessed.

The hacker group behind this attack, known as Shiny Hunters, claims to have obtained data linked to 7.4 million unique email addresses, suggesting a similar number of individual victims.

“In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information — such as bank account numbers, credit card information or government-issued identification numbers — was involved in the incident,” a Kering spokesperson said.

Hackers demand ransom; Kering refuses to comply

Shiny Hunters reportedly breached Kering’s systems in April and later contacted the company in June, demanding a ransom to be paid in Bitcoin. However, Kering has denied engaging in any negotiations with the hackers and has refused to pay the ransom, adhering to law enforcement advice against such actions.

The breach has raised concerns as some customers’ spending habits were revealed, with a few individuals shown to have spent between $30,000 and $86,000 in stores. This information could potentially make high spenders targets for further scams if the data is leaked to other criminals.

Kering has taken steps to secure its systems and prevent future breaches. The company has notified affected customers via email, although it has not publicly disclosed the number of individuals impacted.

Customers seeking more information about the data breach can contact Kering directly through its official communication channels. The company says it is working closely with authorities to address the situation and protect customer data.

Kering says it has not received any reports of misuse of the stolen data so far. The company is not currently facing legal action over the breach, but Top Class Actions follows such incidents closely as they sometimes lead to class action lawsuits.

In a rash of cyberattacks involving top designer brands, fashion giant Louis Vuitton announced a data breach on July 2, impacting more than 419,000 customers across several countries, including the United States.

Are you affected by this Kering data breach? Let us know in the comments.