Image by Julien Tondu, from Unsplash
Hackers Expose Millions In Gucci and Balenciaga Data Breaches
Reading time: 2 min
Last Updated: Sep 15, 2025
-
![Kiara Fabbri]()
-
![Sarah Frazier]()
Fact-Checked by Sarah Frazier Content Manager
The hacking group ShinyHunters announced they obtained more than 50 million customer records from Gucci, Balenciaga, and other fashion brands under Kering.
In a rush? Here are the quick facts:
- Hackers gained access through Salesforce, a customer management platform.
- Gucci’s breach reportedly involved 43 million records from 2017–2024.
- Balenciaga ransom talks started at 10 Bitcoin, dropped to €750,000.
DataBreaches.net analyzed files and chat logs, which show that ShinyHunters executed multiple cyberattacks against Kering fashion brands: Gucci, Balenciaga, Brioni, and Alexander McQueen.
The stolen customer data included more than 50 million records, which exposed personal information including names, phone numbers, email addresses, birthdates, and purchase records. The hackers entered the brands’ systems through Salesforce, which serves as their customer management platform.
The hackers claim to have obtained 43 million Gucci records spanning from 2017 through April 2024. They also stole personal data from Balenciaga, Brioni, and Alexander McQueen, resulting in the exposure of 13 million customer records. The exact number of affected customers remains unknown, because Kering has not issued any public statements about these incidents.
In July, months after data was already taken, Kering published a new security policy highlighting the dangers of “information theft, sabotage, Social Engineering, [and] cyber terrorism.”
The company wrote:
“Protecting Information means ensuring the confidentiality, integrity and availability of the Information. If Information is lost, stolen, inappropriately disclosed, destroyed, modified, serious consequences may result for Kering such as: Loss of customers’ trust […] Loss of competitive advantage […] Loss of revenue.”
The leaked negotiation records show Balenciaga started discussions with ShinyHunters during June 2025. The hackers first asked for 10 Bitcoin, but then reduced their ransom demand to €750,000 in cryptocurrency, while stating that GDPR penalties could amount to 4% of the company’s worldwide revenue. The Balenciaga negotiator expressed concerns about ransom payments, because they would attract additional cybercriminals who might target the company.
The negotiations between Balenciaga and the hackers continued for multiple weeks until the hackers rejected the €200,000 offer. The hackers then issued a final warning to Balenciaga before releasing the stolen data.
The lack of transparency from Kering about these cyber incidents puts millions of high-end fashion consumers at risk, while the company faces questions about its responsibility to protect customer data.
Previous Story
Latest articles 
