Luxury customer data hack rattles global industry

French luxury group Kering, owner of Gucci, Saint Laurent, Bottega Veneta, Balenciaga, Alexander McQueen and other high-end labels, has confirmed that the personal data of millions of its wealthy clients may have been stolen in a cyberattack earlier this year, according to a BBC report. 

The breach occurred in April and marks the latest major intrusion into the luxury sector.

Forbes reported that the attack is part of a wider campaign targeting leading fashion and luxury houses, including LVMH, Chanel, Cartier and even Jaguar Land Rover, raising concerns over customer trust across the industry.

Rising wave of cybercrime against luxury brands

Kering is the latest luxury powerhouse to fall victim to hackers stepping up assaults on high-profile companies. Earlier in 2025, industry leader LVMH confirmed that client data from Louis Vuitton, Christian Dior and Tiffany had been compromised.

Hackers also gained access to Chanel’s customer data via Salesforce, an external CRM provider, while Richemont-owned Cartier reported a data breach in June. Meanwhile, Jaguar Land Rover was forced to suspend production as it worked to recover from a cyberattack discovered in September.

Luxury brands face heightened cyber risks

The very nature of luxury clientele makes the sector especially vulnerable to cybercrime. According to the BBC, leaked records linked to French luxury group Kering showed individual customers spending between US$10,000 and US$86,000, underscoring why high-end brands are prime targets for hackers.

Cybercriminals are exploiting this valuable data to devise sophisticated scams and extortion schemes. Experts warn that such breaches risk damaging the carefully cultivated trust and exclusivity that underpin relationships between luxury houses and their customers.

Kering has not disclosed which of its brands were affected or the exact number of customers impacted, but assured clients that no financial data, such as bank accounts or credit card details, had been stolen. However, personal information, including names, emails, addresses, phone numbers and total spending with Kering brands was exposed.

Technology and exposure

A joint study by Bain & Company and Comité Colbert highlighted the growing technology spend by luxury firms, but noted a mismatch in priorities. Around 40% of new investment is focused on consumer, while less than 21% is directed at enterprise-level systems such as cybersecurity. Meanwhile, more than two-thirds of technology “transformation” budgets are allocated to suppliers, creating potential entry points for hackers.

The report, authored by Luca Diomede and Joëlle de Montgolfier, found that chief information officers (CIOs) often place greater emphasis on cybersecurity than their chief executives. “It is now essential for CIOs and CEOs to work closely together, ensuring that cybersecurity considerations are fully integrated into corporate strategy,” the authors wrote.

“Cybersecurity is a top priority for luxury,” a CIO quoted in Bain’s Luxury and Technology report added. “This is not just about preventing data loss, but about defending against ongoing threats to business continuity and brand reputation.”

Cyberattack hits Kering as luxury group battles falling sales

Hacker group Shiny Hunters has claimed responsibility for the breach at French luxury conglomerate Kering, telling the BBC it had obtained the email addresses of 7.4 million customers.

The cyberattack comes at a particularly difficult moment for Kering, as the luxury sector braces for an industry-wide sales decline of 2–5%.

Earlier this year, Kering reported that first-half 2025 sales had fallen 16% to US$9 billion (€7.6 billion), following a 12% drop in 2024 to US$20.4 billion (€17.2 billion).