A massive hack hit Gucci, Balenciaga, and Alexander McQueen. Millions of customers had their personal data exposed, though Kering, the parent company, did not specify the full extent.
[ZATAZ News English version] – Kering confirmed it suffered a cyberattack targeting several of its luxury brands. Hackers accessed sensitive customer information, including names, addresses, phone numbers, emails, and purchase histories. No banking details were compromised. According to the BBC, some clients had spent up to $86,000 (€79,900), raising fears that high-spending profiles could become targets for scams.
Prestige data exposed
The stolen information goes beyond a simple contact list. It includes consumption details in Gucci, Balenciaga, and Alexander McQueen boutiques. For cybercriminals, such data is a valuable asset for phishing campaigns, extortion, or personalized fraud. Data protection authorities have been notified, and Kering claims it blocked the intrusion as soon as it was detected.
The stolen information goes far beyond a simple address book. It includes spending details from Gucci, Balenciaga, and Alexander McQueen boutiques. For cybercriminals, such data is a powerful lever to launch targeted phishing, blackmail, or personalized scams. Data protection authorities have been notified, and Kering claims it shut down the unauthorized access as soon as it was detected. ZATAZ had already reported in June, on June 1st, the appearance of the first internal documents leaked by a hacker.
The Shiny Hunters collective, already known for major leaks, claimed responsibility. It shared with the BBC a sample of thousands of customer records, deemed authentic. The group claims to hold data linked to 7.4 million unique email addresses, suggesting a comparable number of victims. Kering reportedly refused to pay the ransom demanded after the breach, highlighting a classic standoff between large corporations and cybercriminals.
Defense lines and blind spots
Kering explained that the incident, detected in the spring, only allowed “temporary access” to certain customer data, without exposing banking details or official IDs. The group insists the breach was limited but has not disclosed the exact number of affected customers. This silence fuels uncertainty, particularly for high-profile clients who may be targeted by sophisticated fraud campaigns.
