AI-Driven Hack Hits Gucci, Balenciaga and McQueen's Data

The consumer databases of Gucci, Balenciaga and Alexander McQueen have been hit by a ransomware attack that underlines the ongoing fragility of cybersecurity across luxury retail supply chains.

Personal data, purchasing records and customer contact details from these flagship brands have fallen into criminal hands following an intrusion into the systems of parent group Kering.

The incident reflects a broader escalation in supply chain cyber risk, echoing earlier September attacks on JLR.

Kering has confirmed that the intrusion involved "limited customer data from some of our Houses," while emphasising that "no financial information – such as bank account numbers, credit card information or government-issued identification numbers – was involved."

Nonetheless, the nature of the stolen data poses significant risks for customers, retailers and the wider supply chain ecosystem.

What's at risk? 

The attack, attributed to a hacker operating under the name Shiny Hunters, led to the theft of names, addresses, emails, phone numbers and a data field labelled "Total Sales" – detailing individual customer spend across each brand.

Data of this nature, particularly when tied to high-value clients, creates heightened risks of identity theft, precision-targeted scams and sophisticated phishing attempts.

Shiny Hunters claims to hold records tied to 7.4 million unique email addresses.

While Kering has not confirmed the full scale of the breach, it has directly notified affected customers without a public disclosure – an approach permitted under data protection law provided individuals receive personal notification.

According to Kering, the compromise stemmed from unauthorised access in April, with the criminal establishing contact in June to demand a Bitcoin ransom.

The company states it did not engage and has followed law enforcement guidance to refuse any payment.

This incident mirrors earlier breaches at Cartier and Louis Vuitton.

Cybersecurity analysts, including Google researchers, link Shiny Hunters to a broader threat group named UNC6040, known for exploiting third-party systems such as Salesforce by using social engineering techniques to trick employees into surrendering their credentials.

Retail supply chain exposed

The consequences of this breach extend far beyond stolen customer records, with cybersecurity in luxury retail supply chains emerging as a critical frontline concern.

These brands depend on tightly interconnected digital systems spanning ecommerce, customer relationship management, inventory oversight and global logistics.

Once compromised, the effects can cascade across production facilities, distribution centres, fulfilment networks and third-party vendors.

Luxury retailers, in particular, manage extensive networks of external suppliers, warehouses and shipping partners.

A single weakness in a shared platform or IT integration has the potential to expose the entire value chain.

Where outsourced systems such as Salesforce are involved, attackers may even gain a backdoor into core operations – heightening the risk of delivery delays, inventory shortages and severe operational disruption.

Michael Tigges, Senior Security Operations Analyst at Huntress, explains: "The breach at Kering highlights how luxury retailers remain attractive targets for data theft, even when payment data isn’t exposed."

He warns that even limited access to identity data enables criminals to impersonate legitimate users and infiltrate further systems, often leveraging deepfake voice clones and AI-crafted phishing attacks.

AI intensifies the cybersecurity threat 

The breach also highlights the way AI is transforming attack techniques, arming threat actors with more sophisticated tools for intrusion, impersonation and data exploitation.

Spencer Young, SVP EMEA at Delinea, says: "Today’s breach, impacting millions of customers... is a stark reminder that ransomware and data theft has evolved into a shape-shifting, AI-enabled threat."

He calls for the adoption of zero trust architecture, Privileged Access Management and continuous credential monitoring as key strategies to safeguard supply chain systems.

James Blake, Vice President of Cyber Resiliency Strategy at Cohesity, adds: "Hackers are weaponising AI, exploiting systemic vulnerabilities, evading common security tools and targeting critical infrastructure with growing precision."

He observes that large language models are now enabling criminals to design phishing campaigns that are highly localised, convincing and tailored to specific languages, raising their success rates considerably.

Although no payment card details were exposed in this incident, the compromise introduces serious operational risks, from reputational damage and regulatory pressure to delays across the retail network.

Even without direct financial information, customer trust can erode quickly when data such as personal details and purchase histories are leaked.

For luxury retailers, cybersecurity is no longer a matter confined to the IT department but has become inseparable from overall supply chain resilience.

Every point of connection – from the consumer-facing storefront to the most remote logistics partner – now represents a possible entry route for attackers.

To stay resilient, retailers must embrace active monitoring, invest in robust identity protection tools and deploy AI-driven response mechanisms to counter increasingly advanced threats.

While Kering maintains its systems are now secure, the incident underscores the urgent challenge for luxury houses such as Gucci, Balenciaga and Alexander McQueen: safeguarding both the digital and physical layers of their supply chains to protect the exclusivity and trust on which their brands are built.