Kering suffers massive data breach affecting millions of luxury customers

In April 2025, Kering, the French luxury conglomerate and parent of high-profile fashion brands including Gucci, Balenciaga, and Alexander McQueen, experienced a significant cyberattack that resulted in the theft of potentially millions of customer records. The attack was carried out by the hacker group known as ShinyHunters, who have been implicated in similar incidents across the luxury goods sector. Kering later confirmed that while personal information such as customer names, email addresses, physical addresses, and phone numbers were compromised, financial information, including bank account details, remained secure. The breach was part of a troubling trend that has seen luxury brands become increasingly vulnerable to cybercriminals, especially as they cater to a wealthy clientele willing to spend large sums of money. Following the data breach, Kering took steps to secure their systems and notified affected customers, but the breach has raised concerns within the industry regarding cybersecurity measures and their adequacy in the face of evolving threats. This incident occurred against a backdrop of declining sales within the luxury sector, exacerbating the pressure on Kering as they reported a drop in sales earlier in the same year. The luxury goods industry, which has been facing a predicted decline of 2% to 5% in sales, finds itself under siege not just from economic pressures, but also increasingly from sophisticated cybersecurity breaches. Luxury brands must now reassess their cybersecurity investments, as many have traditionally focused on customer-facing technologies rather than fortifying their digital defenses. As the situation develops, Kering refuses to pay the ransom demanded by the hackers, which has prompted fears that the sensitive data could be sold to other criminal organizations. The attack has put Kering in a precarious position, highlighting both the growing threat of cybercrime in the luxury sector and the need for robust cybersecurity practices to protect customer data and maintain brand reputation.