The hacker group “Shiny Hunters” has claimed responsibility for stealing data linked to 7.4 million email addresses, including luxury purchase histories—potentially making high-spending customers prime targets for phishing—using tactics like fake portals and credential theft
Kering, the luxury fashion conglomerate behind brands such as Gucci, Balenciaga, and Alexander McQueen, has confirmed a cybersecurity breach that compromised customer data from several of its high-profile labels. The incident, which occurred earlier this year, is believed to have exposed personal details of millions of customers across the globe.
The breach came to light in June when Kering’s internal systems detected unauthorized access. While the company insists no financial or government ID information was accessed, leaked data reportedly includes customer names, email addresses, phone numbers, physical addresses, and records of previous purchases.
Hackers claim responsibility, boast of luxury customer data
A cybercriminal group identifying as “Shiny Hunters” has claimed responsibility for the breach, alleging they obtained data tied to more than 7.4 million unique email addresses. More concerning is the presence of spending history, with some individual customers reportedly having spent between $10,000 and $86,000 on luxury goods — data that could make them high-value targets for fraud or phishing scams.
The group is known for exploiting internal corporate platforms by tricking employees into revealing login credentials. Cybersecurity experts have linked Shiny Hunters to several past attacks on major companies, using social engineering tactics and tools like fake login portals.
Kering has denied entering into any negotiations with the attackers, stating that it has followed legal guidance and immediately took steps to strengthen its systems. Authorities in data protection and cybersecurity have been notified, and affected customers are being contacted directly via email.
Luxury brands in the crosshairs of cybercrime surge
This incident follows a broader trend of cyberattacks on luxury fashion houses. Earlier this year, Cartier and Louis Vuitton also reported breaches, highlighting growing concerns over data security in the high-end retail sector.
Cybersecurity professionals note that luxury brands are particularly vulnerable due to their affluent clientele. Leaked data from such breaches can be exploited for financial fraud, identity theft, or targeted social engineering scams.
Consumers are being urged to take extra precautions, including changing passwords, enabling two-factor authentication, and staying alert to suspicious messages or calls. With hackers increasingly targeting digital infrastructure in the luxury space, experts warn that the industry must invest more heavily in cybersecurity to protect its brand reputation and customer trust.
