Hackers Leak Luxury Shopping Habits of Gucci, Balenciaga, and Alexander McQueen Customers

Shiny Hunters, one of the most notorious data-stealing groups on the dark web, claims to have pulled off a heist against French luxury powerhouse Kering, parent company of Gucci, Balenciaga, and Alexander McQueen. The attackers say they walked away with private data tied to millions of high-end shoppers worldwide—information that could become a goldmine for scams targeting the wealthy.

Inside the Breach

According to the hackers, the April intrusion exposed names, emails, phone numbers, physical addresses, and a particularly sensitive data point: the amount each customer has spent at Kering’s boutiques. Samples of the stolen files shared with the BBC revealed individual spending tallies stretching from $10,000 to nearly $90,000. While Kering insists no credit card or government ID data was accessed, cyber experts warn that the inclusion of spend history makes these victims especially attractive to fraudsters.

Shiny Hunters, speaking to reporters over Telegram, claimed the breach was the result of a successful compromise of Kering’s internal systems. The group also alleges it attempted to negotiate a Bitcoin ransom with the company—a claim Kering denies. The firm has told regulators and affected customers that it refused to pay and that its systems have since been secured.

“In June, we identified that an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses. No financial information—such as bank account numbers, credit card information, or government-issued identification numbers—was involved in the incident,” a Kering spokesperson said.

Part of a Larger Pattern

The timing of the breach aligns with a wave of attacks against luxury retailers this year. Cartier and Louis Vuitton disclosed their own compromises in the spring, raising questions about whether attackers are systematically targeting fashion houses. Google’s security researchers have previously linked Shiny Hunters—tracked internally as UNC6040—to campaigns that trick employees into handing over Salesforce credentials. Even Google itself was targeted earlier in 2025.

Why Spending Data Changes the Stakes

Unlike many retail hacks that expose transactional details, this breach carries an additional layer of danger. The spend records show exactly how much certain individuals have poured into luxury purchases. That data could enable secondary extortion attempts, targeted phishing, or even physical security risks if it circulates widely.

Ade Clewlow, senior advisor at cybersecurity consultancy NCC Group, said the attack illustrates why luxury brands have become attractive prey. “High-net-worth individuals face significant risk after Kering’s data breach exposed detailed records of Gucci, Balenciaga, and Alexander McQueen customers, including spend data. Customers should therefore be hyper-vigilant to phishing attempts seeking personal information, online credentials, or payment of any kind,” he said. Clewlow praised Kering for refusing to pay, adding that ransoms only bankroll organized crime without guaranteeing data deletion.

Lee Sult, chief investigator at Binalyze, emphasized the importance of reclaiming the narrative from criminals. “If attackers control the narrative, they can further damage their targets’ reputation and potentially spread misinformation. Getting ahead of this and owning the story means organizations can rebut false claims with confidence,” he said. For companies, he argued, investigation should begin within hours, not days.

What Customers Should Do

Security agencies advise victims to take immediate precautions:

• Change account passwords and enable two-factor authentication.

• Watch for phishing attempts masquerading as banks, retailers, or government agencies.

• Be cautious of urgent requests for payments or personal information.

  
  

The UK’s National Cyber Security Centre recommends building strong, unique passwords using three random words. Most importantly, customers should avoid recycling credentials across multiple platforms.

The Bigger Picture

Luxury retail has always thrived on exclusivity, but exclusivity cuts both ways. Detailed spending records are now in the hands of a cybercriminal group with a history of leaking massive databases online. Whether Shiny Hunters ultimately sells or dumps the data, the episode underscores a reality facing high-end brands and their clients: even the most glamorous shopping experiences can be dragged into the muck of cybercrime.