
Balenciaga, Gucci and Alexander McQueen customers hacked and ransomed
15/09/2025
Cyber criminals have stolen the private details of potentially millions of Balenciaga, Gucci and Alexander McQueen customers in an attack.
- The cybercriminal behind the attack calls themselves Shiny Hunters. The hacker or hackers, known by Google as UNC6040, have been stealing data by tricking employees into handing over their login details for internal company Salesforce software.
- The stolen data includes names, email addresses, phone numbers, addresses and the total amount spent in the luxury stores around the world.
- Kering, the parent company of the luxury brands, has confirmed the breach and says it disclosed the incident to the relevant data protection authorities.
- It said no financial information, such as card details, was stolen.
- The firm also says it has emailed customers affected, but has not said how many or made any public statements about the hack.
- Legally, the company is not obligated to make any public statements about the breach as long as it has notified all individuals affected through other means.
The cyber criminal behind the attack calls themselves Shiny Hunters.
- They claim to have data linked to 7.4 million unique email addresses, which suggests the total number of individual victims could be similar.
- A small sample shared with the BBC as proof contained thousands of customer details, which appear to be genuine. Once the files were analysed, they were deleted.
- One of the details in the stolen data is "Total Sales", which shows how much money a person has spent with each brand.
- Some customers are shown to have spent more than $10,000, with a handful spending $30,000-$86,000 in stores in the small sample analysed by the BBC.
- This information is particularly concerning for victims as it could lead to high spenders being targeted by secondary hacks and scams if the hacker decides to leak the information to other criminals.
Shiny Hunters appears to be acting alone and told the BBC over Telegram chat that they breached the luxury brands in April through Kering.
- The hacker contacted the French company in early June and claimed to have been in on-off negotiations with them over a ransom to be paid in Bitcoin.
- This is denied by the company, which says it has not engaged in any conversations with the criminal.
- The company says it has refused to pay the hacker in accordance with long-standing law enforcement advice.
a Kering spokesperson said
- "In June, we identified that an unauthorised third party gained temporary access to our systems and accessed limited customer data from some of our Houses.
- No financial information - such as bank account numbers, credit card information, or government-issued identification numbers - was involved in the incident,"
April 2025 - Cartier and Louis Vuitton, and also disclosed breaches to customers and the public.
- The data breach, which occurred in April, coincided with a wave of attacks on luxury brands, including Cartier and Louis Vuitton, and also disclosed breaches to customers and the public.
Shiny Hunters.
- It's not known if those attacks are linked to Shiny Hunters.
- In June, cybersecurity experts at Google issued a warning about a trend of attacks linked to Shiny Hunters that the tech giant also subsequently fell victim to.
- The hacker or hackers, known by Google as UNC6040, have been stealing data by tricking employees into handing over their login details for internal company Salesforce software.
Gucci, Balenciaga and Alexander McQueen hacked in a cyber-attack - BBC News https://www.bbc.co.uk/news/articles/crl5j8ld615o.
The Team
Meet the team of industry experts behind Comsure
Find out moreLatest News
Keep up to date with the very latest news from Comsure
Find out moreGallery
View our latest imagery from our news and work
Find out moreContact
Think we can help you and your business? Chat to us today
Get In TouchNews Disclaimer
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.