Kering, the luxury fashion group behind Gucci, Balenciaga and Alexander McQueen, said on Wednesday that hackers accessed customer data in a June 2025 breach, affecting multiple brands within the group.
Authorities said millions of customers could have had their names, dates of birth, phone numbers and email addresses exposed, as well as details of how much they spent in stores. The company said no personal financial information appears to have been breached.
DataBreaches reports that the ShinyHunters hacking group claimed initial access to Gucci in 2024 and that a data set of about 43 million Gucci customer records, along with a separate 13 million-record dataset covering Balenciaga, Brioni and Alexander McQueen, were later exposed. The group has said it breached the company via its Salesforce CRM.
Chat logs reviewed by DataBreaches indicate that by June 2025 Balenciaga was negotiating a ransom, with the attackers allegedly seeking €750,000 in Bitcoin. In the end, Balenciaga appeared to back away from the payment offer, according to the logs, and negotiations continued for a period in mid-2025.
Paris police announced on June 25 that five people suspected of belonging to the BreachForums ecosystem had been arrested, including individuals described as leaders of the ShinyHunters network. Kering said it had informed affected customers and regulators, and denied that it had ever entered negotiations with the attackers.
Because the breach exposed email addresses, phone numbers and purchase histories, researchers warned that attackers could use the information for phishing and social-engineering campaigns. Consumers with accounts at Gucci, Balenciaga, Brioni, or Alexander McQueen should be vigilant for suspicious messages or requests for personal information.