Gucci, Balenciaga and Alexander McQueen Breach Linked to ShinyHunters

ShinyHunters reportedly hacked Kering, exposing Gucci, Balenciaga and Alexander McQueen customer data, raising risks of scams and spear phishing.

The private information of customers from top fashion houses like Gucci, Balenciaga, and Alexander McQueen has been stolen in a recent cyberattack. Reportedly, the hacker group behind this data breach is the notorious ShinyHunters, who targeted Kering, the Paris-based parent company of these luxury brands.

The data breach, which the hackers claim happened in April 2025, was only discovered by Kering in June 2025. The company has confirmed the incident and has notified relevant data protection authorities and customers by email.

“An unauthorised third party gained temporary access to our systems and accessed limited customer data from some of our Houses,” Kering stated.

While personal details like names, email addresses, phone numbers, and home addresses were reportedly stolen, no financial information, such as credit card numbers, was taken, Kering added. The company has not revealed how the hackers got into its networks, but it has since secured its IT systems.

ShinyHunters claims to have gotten a hold of 7.4 million unique email addresses. A small part of the stolen data, reviewed by the BBC, included details showing how much money people had spent in the stores.

Some customers in the sample had spent over $10,000, with a few reaching a huge $86,000. This information is a major concern because it could make these high-spending customers targets for future scams and hacks.

****Negotiations and Denials****

According to DataBreaches.net, which reviewed transcripts of the negotiations and was the first to publish on this incident, ShinyHunters reached out to Balenciaga in early June. The hackers claimed Balenciaga had agreed to pay a $750,000 ransom in Bitcoin and even made an initial transaction, but then backed out of the deal.

Kering, however, has publicly denied that any negotiations took place and says it has not paid any ransom, following advice from law enforcement.

The alleged negotiations’ chatlog between Shiny Hunters and Kering along with wallet payment screenshot (Credit: DataBreaches.net)

This attack seems to be part of a bigger trend, with other luxury companies like Cartier and Louis Vuitton also reporting similar data breaches around the same time. The hacker group is also suspected of having help from a different group known as Scattered Spider, which is known for tricking employees into giving up their login details.

This tactic was used in the Salesforce campaign that affected over 700 companies worldwide this summer. Google threat researchers have linked this group to a recent hacking campaign that abused the Salesforce platform.

If you are a customer of these brands, it is important to be extra careful. The stolen information could be used by scammers to make fake emails or messages look real.

****Expert Insights****

In a comment to Hackread.com, Roger Grimes, data-driven defence evangelist at KnowBe4, warned that the biggest risk to the customer after these types of data breaches is a very clever scam called “spear phishing,” which uses the stolen data to make a fake email or message look very real.

Roger warned that scammers can pretend to be a brand like Gucci and ask for updated credit card information, claiming the old one needs to be changed urgently. Because the scammer has access to your real purchase history, they can include past details that make their request seem legitimate, making you more likely to fall for the scam.