A recent data breach has exposed personal information of millions of Kering customers, including those who shop at Gucci, Balenciaga, and McQueen. Hackers gained access to names, birthdates, contact details, and purchase histories between April and June 2025. While financial info like credit card numbers wasn’t affected, the breach could lead to scams and identity theft. To understand how this happened and what it means for you, keep exploring further.
Key Takeaways
- Hackers accessed personal data of approximately 7.4 million Kering customers, including Gucci, Balenciaga, and McQueen.
- Data exposed includes names, birthdates, contact info, addresses, and purchase histories, but not financial details.
- The breach occurred between April and June 2025, linked to vulnerabilities in Kering’s systems.
- Kering notified affected customers and authorities, warning of increased risks of scams and identity theft.
- The attack underscores cybersecurity vulnerabilities in luxury brands and the need for stronger data protection measures.
A recent data breach has compromised the customer information of several Kering luxury brands, including Gucci, Balenciaga, and Alexander McQueen. If you’re a customer of these brands, this incident might affect you more than you realize. Hackers gained unauthorized access to Kering’s systems between April and June 2025, though the breach wasn’t publicly disclosed until months later. During this time, they accessed and exposed personal data of about 7.4 million customers across the brands. This included millions of records—43 million from Gucci alone, along with 13 million from Balenciaga, Brioni, and McQueen combined. The data set contained names, birthdates, phone numbers, email addresses, and home addresses. Importantly, detailed spending records were also exposed, revealing how much you’ve spent in stores, but no sensitive financial details like credit card or bank account numbers were compromised. The breach involved unauthorized third-party access to limited customer data, which indicates the vulnerability of the company’s data security measures during that period. The hackers responsible are linked to the group ShinyHunters, which has a reputation for targeting high-profile brands. They initially breached Gucci’s systems in 2024 through vulnerabilities in Kering’s Salesforce CRM, then moved on to other brands. In June 2025, the group attempted to negotiate a ransom from Balenciaga, reportedly asking for €750,000 paid in Bitcoin. Following the breach, law enforcement in Paris arrested several members of ShinyHunters and those involved in leak sites like BreachForums, signaling ongoing efforts to combat these cybercriminals.
A data breach exposed personal details and spending records of millions of customers across Gucci, Balenciaga, and other Kering brands.
Kering confirmed the breach and promptly notified relevant data protection authorities. They also reached out directly to affected customers, informing them of the incident and advising caution against potential follow-on phishing attacks or identity theft. Since the exposed data didn’t include financial account details, there’s no immediate risk of direct monetary loss. However, the personal information now in the wrong hands could be used for scams, such as targeted phishing or identity fraud, especially given the detailed nature of the leaked data. This breach highlights the importance of user consent management in protecting sensitive customer information.
This breach underscores the growing cybersecurity threats facing luxury retailers. Other high-end brands like Dior and Chanel experienced similar attacks in 2025, exposing vulnerabilities in how these companies handle customer data, especially in third-party systems. Industry experts warn that such breaches can cause long-term disruption, damage brand reputation, and require significant resources to resolve. In response, Kering has taken steps to secure their systems, investigated the breach, and collaborated with law enforcement and data protection agencies. While they haven’t confirmed paying any ransom, the incident highlights the importance of robust cybersecurity measures, especially when dealing with wealthy clients whose data is highly valuable to cybercriminals.
Frequently Asked Questions
How Many Customers Were Affected by the Breach?
You’re affected because approximately 7.4 million of your email addresses and spending details were compromised in the breach. While Kering hasn’t specified the exact number of individual customers impacted beyond email access, the exposure includes genuine customer data, mainly contact and transaction info. Be cautious of phishing attempts or spam using your leaked email, and stay alert for any suspicious activity related to your accounts.
What Specific Data Was Compromised in the Breach?
Imagine your personal details like a fragile glass, now shattered in a breach. You’re exposed to stolen data including your name, email, phone number, and address. Your shopping history and spending amounts, some over $30,000, are also compromised. Criminals can use this information for scams or resale, putting your financial security at risk. Protecting yourself means staying vigilant for targeted phishing and monitoring your accounts closely.
Has Kering Disclosed the Breach to Authorities?
Yes, Kering disclosed the breach to authorities promptly after discovering it in June 2025. You can rest assured that they reported the incident to relevant data protection agencies as part of their legal obligations. They also took steps to secure systems and inform affected customers. While the breach was publicly revealed by hackers later, Kering’s official notifications to authorities were timely and in line with regulatory requirements.
Are Affected Customers Eligible for Compensation?
Yes, you might be eligible for compensation if you’ve suffered harm like identity theft, scams, or privacy invasion due to the breach. However, since no financial data was exposed, direct financial losses are less likely, and claims may focus on emotional distress or privacy concerns. To pursue compensation, you’ll need to demonstrate that you experienced harm, and companies often offer identity protection services rather than direct payouts.
What Steps Are Kering Brands Taking to Prevent Future Breaches?
Kering brands are actively strengthening their cybersecurity defenses by deploying advanced protocols like zero trust architecture and Privileged Access Management systems. They conduct regular security audits, monitor credentials continuously, and train employees to recognize cyber threats. They also have an incident response team and collaborate with authorities to quickly address breaches. These extensive measures aim to prevent future incidents, safeguard customer data, and maintain trust in their brands.
Conclusion
So, after all that fuss about luxury and exclusivity, it turns out even the most prestigious brands can’t keep your data safe. You splurge on their latest collections, only to find out your information is now out there for all to see. Ironically, the brands that pride themselves on security and status are the ones most vulnerable. Guess that’s the real luxury—trusting a brand that can’t even protect your data.
Born in Dubai to Pakistani parents, Aisha deeply understands Middle Eastern and South Asian luxury markets. She excels in forging strategic partnerships with top-tier luxury brands worldwide, fostering cross-cultural collaborations that enhance our global presence.
