PARIS, September 15, 2025 – Luxury conglomerate Kering (KER.PA) confirmed a cyberattack exposing customer data from Gucci, Balenciaga and Alexander McQueen brands, potentially affecting millions of clients worldwide.
The breach raises concerns about regulatory penalties and reputational damage for the 40 billion luxury group, which derives over 60% of revenue from its flagship Gucci brand.
- Hackers stole names, emails, phone numbers and spending data
- Attack potentially affects millions of luxury brand customers
- Cybercriminals claim to have 7.4 million customer records
Market reaction & context
Kering shares have underperformed European luxury peers this year, declining 35% compared to LVMH’s 15% drop. The cyberattack adds pressure on the French group already struggling with declining sales in China and increased competition in the luxury sector 1.
The stolen data includes customer names, email addresses, phone numbers, home addresses and total spending amounts at the affected brands’ stores, according to BBC reporting 2. Cybercriminals have allegedly posted the information online and are demanding ransom payments.
Detailed analysis
The hacking group known as “Shiny Hunters” claimed responsibility for the attack, asserting they obtained 7.4 million customer records from Kering’s systems 6. The breach affects three of Kering’s most valuable brands, which together generate billions in annual revenue.
Luxury retailers have become increasingly attractive targets for cybercriminals due to their wealthy customer bases and valuable personal data. The attack on Kering follows similar incidents affecting other high-end retailers globally.
Company response & outlook
Kering confirmed the cyberattack but did not immediately name the specific brands affected in its initial statement. The company has not disclosed whether it will pay any ransom demands or provided details about its cybersecurity response measures.
Industry analysts said the breach could result in substantial regulatory fines under European data protection laws, which impose penalties of up to 4% of annual global revenue for serious violations. For Kering, this could translate to fines exceeding 800 million if authorities determine negligence.
Conclusion
The cyberattack represents another challenge for Kering as it navigates a difficult period marked by slowing luxury demand and intense competition. The company must now manage potential regulatory consequences while protecting its premium brand reputation among affluent consumers.
Investors will closely monitor whether the breach affects customer loyalty or triggers significant compliance costs that could impact earnings guidance for the remainder of 2025.
Not investment advice. For informational purposes only.
References
1“Gucci, Balenciaga and Alexander McQueen hacked in cyber-attack”. BBC News. Retrieved September 15, 2025.
2“Hackers steal client data from Kering’s Gucci, Balenciaga and McQueen, BBC says”. Yahoo News. Retrieved September 15, 2025.
3“Gucci, Balenciaga and Alexander McQueen private data ransomed by hackers”. AOL. Retrieved September 15, 2025.
4“Hackers steal client data from Gucci, Balenciaga and McQueen parent Kering”. News.Az. Retrieved September 15, 2025.
5“Hackers steal client data from Kering’s Gucci, Balenciaga and McQueen, BBC says”. MarketScreener. Retrieved September 15, 2025.
6“Balenciaga, Gucci & McQueen Luxury Buyers’ Data Exposed in Kering Cyberattack”. The420.in. Retrieved September 15, 2025.