Following recent high-profile cyberattacks against LVMH, Chanel, Cartier and Jaguar Land Rover, French luxury conglomerate Kering, parent of Gucci, Saint Laurent, Bottega Veneta, Balenciaga, Alexander McQueen and others, has confirmed that consumer data affecting potentially millions of its high-end customers was stolen in an April cyberattack.

What We Know

Kering did not reveal which brands were impacted or how many customer records were breached, but the company reassured customers that no financial, bank account or credit card data was stolen. However, critical personal data was compromised, including customer names, email and physical addresses, phone numbers and the total amount spent with Kering brands.

The hacker group Shiny Hunters claimed credit for the breach and told the BBC that it had 7.4 million unique email addresses, suggesting the extent of attack. The hacker group is demanding ransom to be paid in Bitcoin, which Kering refused “in accordance with long-standing law enforcement advice,” but that puts the data at risk to be sold on to other bad actors. Kering said it has since secured its systems and has notified all customers affected.

Growing Threat

The Kering attack is the latest luxury company to fall victim to cybercriminals who have been leveling up against luxury brands. Earlier this year, industry leader LVMH confirmed customer data from its Louis Vuitton, Christian Dior and Tiffany brands was stolen.

In addition, hackers accessed Chanel customer data through its integration with third-party service provider Salesforce. Richemont-owned Cartier customer data was compromised in a June attack and Jaguar Land Rover production remains shutdown as it recovers from a cyberattack that was discovered in September.

Due to the nature of the clients luxury brands serve – the BBC reviewed sample records containing the names and numbers of Kering customers spending over $10,000 up to $86,000 – luxury brands are especially vulnerable to cyberattacks.

Cybercriminals can use this valuable customer data for secondary scams and extortion efforts. News of such cyberattacks can also hurt the reputation of esteemed luxury brands that base their customer relationships on trust and exclusivity.

More Security Needed

While luxury brands are making greater investments in their technology stack, their allocation of new investments directed toward change initiatives favor customer-facing efforts (40%) and less (21%) toward wider-sweeping enterprise tech investments, such as cybersecurity, according to a study by Bain in association with Comité Colbert.

“Cybersecurity is a top priority in luxury, threatening business continuity and brand reputation, not just causing data loss,” a luxury brand CIO stated in Bain’s “Luxury and Technology” report.

Luxury brands also allocate a greater portion of their “change” technology investment to external vendors (68%), which can provide a backdoor into their internal systems.

Report authors Luca Diomede and Jöelle de Montgolfier noted that luxury CIOs place a higher priority to cybersecurity than CEOs. “What matters now is ensuring that CIOs and CEOs work hand in hand so that cybersecurity considerations are fully integrated into companies’ strategic decision-making,” they shared.

Another Blow To Kering

This cyberattack couldn’t come at a worse time for Kering. As the luxury industry is bracing for a 2% to 5% decline in sales this year, Kering just reported sales dropped 16% to $9 billion (€7.6 billion) in the first half of 2025, after sales declined 12% to $20.4 billion (€17.2 billion) last year.