ShinyHunters Linked to Breach of French Luxury Goods House Kering

Kering, the parent company of luxury brands such as Alexander McQueen, Balenciaga, and Gucci, has admitted that personal data of its customers has been compromised following an apparent ransomware attack linked to the notorious ShinyHunters hacking collective. The breach is believed to have occurred in April, with the firm discovering the unauthorized access to customer data in June.

The compromised data is thought to include sensitive information such as names, contact details, and spending history, but fortunately, no financial or credit card data was affected. Kering's spokesperson told the BBC that an "unauthorized third party gained temporary access to our systems" and accessed limited customer data from some of their Houses.

According to reports, negotiations between Kering and ShinyHunters took place, but it is unclear whether a ransom was paid or not. However, Kevin Marriott, senior manager of cyber and head of security operations at Immersive, believes that the apparent delay may have been due to an attempt by ShinyHunters to suppress the leak.

Marriott noted that the latest attacks on luxury brands continue a trend of incidents affecting prominent targets in the industry. "What makes this particular breach so concerning is that not only were emails, phone numbers, and addresses taken, but the data related to customer spend may be used to prioritize the customers impacted as targets in further attacks," he said.

Joseph Rooke, director of risk insight at Recorded Future's Insikt Group, echoed Marriott's concerns, stating that luxury brands are prime targets for cybercrime due to their global recognition and high-net-worth customer bases. "Attackers are drawn to these companies not only because of the global recognition of their brands, but also because their customer bases include individuals whose personal details can be especially valuable," Rooke said.

ShinyHunters' use of high-profile national broadcasters to spread its message has been a hallmark of the gang's extensive cyber attack campaign. The group, which is linked to other notorious hacking collectives like Scattered Spider, has been responsible for various high-profile breaches in 2025.

Markets & Spencer chairman Archie Norman described an "unusual experience" of learning about new developments in the Scattered Spider attack on the retailer from the BBC. Lee Sult, chief investigator at Binalyze, highlighted the importance of organizations taking control of the narrative and rebutting false claims with confidence. "Getting ahead of this and owning the story means organisations can prevent further damage by showboating in public," he said.

"If attackers control the narrative, they can further damage their targets' reputation and potentially spread misinformation," Sult continued. "Investigation cannot be something that happens after the dust settles. Instead it should be completed in hours instead of days, bringing light into the obscure areas so attackers have less space to make up stories," he said.

This breach serves as a reminder of the importance of cybersecurity and data protection for organizations, particularly those operating in high-risk industries. As the threat landscape continues to evolve, it is essential for companies like Kering to prioritize their security measures and stay ahead of emerging threats.