Luxury Under Siege: ShinyHunters Breach Exposes Millions of High-End Fashion Customers
Hackers target Gucci, Balenciaga, and Alexander McQueen, leaking the private data - and spending habits - of 7.4 million elite shoppers.
Fast Facts
- ShinyHunters breached Kering’s brands, exposing 7.4 million customer records.
- Leaked data includes names, emails, phone numbers, shipping addresses, and total spending per customer.
- No credit card or banking details were stolen, but high-value shoppers are now at risk of targeted scams.
- Hackers claim to have negotiated a Bitcoin ransom; Kering denies any payment.
- Attackers accessed data via compromised internal credentials, likely through a phishing campaign.
The Digital Catwalk Turns Hostile
Imagine a glitzy runway where models parade the world’s most coveted brands - only to have the spotlight snatched by cybercriminals lurking in the shadows. That’s precisely what happened this spring when ShinyHunters, a notorious hacker collective, infiltrated the digital vaults of luxury giant Kering. The breach, affecting flagship labels Gucci, Balenciaga, and Alexander McQueen, put the privacy of millions of high-rolling fashionistas on the line.
How the Breach Unfolded
Kering detected the incident in June 2025, but the hackers had already slipped inside back in April. By leveraging stolen internal credentials - likely harvested through a sly phishing campaign targeting Salesforce’s single sign-on (SSO) portals - the attackers gained temporary but potent access. Once inside, they exfiltrated a trove of personal information: names, emails, phone numbers, shipping addresses, and, perhaps most provocatively, each customer’s lifetime spending with the brands. While credit card numbers were spared, this “VIP list” of big spenders is a goldmine for future scams.
ShinyHunters, who have a history of high-profile data heists (including breaches at Tokopedia and Microsoft’s GitHub), claimed they tried to negotiate a Bitcoin ransom over Telegram. Kering, however, insists it never paid and followed law enforcement guidance to refuse ransom demands.
Why This Matters: The New Gold of Data
This breach is a stark reminder that in the luxury world, data is nearly as valuable as diamonds. The exposed “total sales” field paints a target on the wealthiest customers, making them prime candidates for spear-phishing - a type of scam where attackers craft personalized messages to trick victims into revealing even more. As Google’s Threat Analysis Group notes, ShinyHunters have been linked to similar campaigns, exploiting stolen API tokens and OAuth permissions to leapfrog across companies.
The market implications are significant. High-end brands depend on trust and exclusivity; any whiff of insecurity can tarnish reputations and drive discerning clients elsewhere. Meanwhile, the breach also highlights broader geopolitical concerns, as cybercriminals increasingly target luxury and finance sectors for their rich data veins.
Lessons from the Catwalk: Staying Safe
Kering has notified affected customers and regulators under Europe’s GDPR rules, urging users to reset passwords and scrutinize any suspicious communications. The lesson for everyone, whether you’re a fashionista or a casual shopper: vigilance is the new black. In the age of digital luxury, a single click can be the difference between privacy and exposure.
WIKICROOK
- Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
- Single Sign-On: Single Sign-On (SSO) lets users access multiple services with one login, simplifying access but increasing risk if credentials are compromised.
- Spear Phishing: Spear phishing is a targeted cyberattack using personalized emails to trick specific individuals or organizations into revealing sensitive information.
- API Token: An API token is a digital key that allows users or programs to securely access and control specific features of software applications.
- GDPR: GDPR is a strict EU and UK law that protects personal data, requiring companies to handle information responsibly or face heavy fines.