In September 2025, the French luxury conglomerate Kering confirmed having suffered one of the most significant cyberattacks against the high-end brand sector this year. The incident, perpetrated by the well-known cybercriminal group Shiny Hunters, exposed sensitive information from 7.4 million customers from iconic brands such as Gucci, Balenciaga and Alexander McQueen.

Details of the Kering Cyberattack

Chronology of the Incident

The cyber intrusion initially occurred in April 2025, although the company did not detect it until June of the same year. Cybercriminals maintained unauthorized access for several months, taking advantage of compromised internal credentials obtained through a sophisticated phishing campaign aimed at Salesforce's SSO portals.

Committed Information

The attackers were able to access a wide range of customer personal data, including:

  • Full names From customers
  • Email Addresses (7.4 million unique)
  • Telephone numbers
  • Shipping Addresses
  • Total Spending History In the group's brands

Fortunately, no sensitive financial data was compromised such as credit card numbers, bank information, or official IDs. However, the analysis of a data sample revealed by the BBC showed that some customers had made purchases that ranged from $10,000 and $86,000, extremely valuable information for future targeted attacks.

The Shiny Hunters Group: Attacker Profile

Operational Features

Shiny Hunters is a cybercriminal group specialized in mass data theft and extortion who rose to international fame in 2020. Unlike traditional ransomware groups, they don't encrypt systems, but instead focus on breaching networks, stealing information and monetizing it through clandestine forums or through direct extortion.

Method of Attack Employed

In the case of Kering, the attackers used advanced techniques of social engineering, specifically:

  • Vishing (voice phishing): Phone calls impersonating Salesforce technical support
  • OAuth application commitment: Installing malicious apps connected to Salesforce
  • Mass exfiltration: Use of tools such as Data Loader to extract large volumes of information

Kering Rescue and Response Demand

Following their usual pattern, Shiny Hunters demanded a ransom in Bitcoin in exchange for not publishing the stolen data. However, Kering categorically refused to make any payment, following the recommendations of international security forces and best practices in responding to cyber incidents.

Context: Wave of Cyber Attacks in the Luxury Sector

Black Year for Premium Brands

The attack on Kering is part of a alarming trend of cyberattacks aimed at the luxury sector during 2025. Other prominent victims include:

  • LVMH: Data commitment from 419,000 Louis Vuitton, Christian Dior and Tiffany & Co. customers
  • Cartier (Richemont): Customer Contact Information Leak
  • Chanel: Multiple security incidents throughout the year
  • Pandora: Theft of names and email addresses

Why the Luxury Sector is a Priority Objective

Luxury brands represent especially attractive objectives for cybercriminals for several fundamental reasons:

  1. High data value: Information from customers with high purchasing power
  2. Reputational pressure: Significant potential harm to brands that build their value on exclusivity and trust
  3. Increasing technological dependence: Larger attack surface due to accelerated digitalization
  4. Insufficient investment in cybersecurity: Only 21% of the technological budget allocated to security

🛡️ Protect your business with a comprehensive cybersecurity audit with Apolo Cybersecurity and identify vulnerabilities before cybercriminals do

The cyberattack on Kering represents a tipping point for the luxury industry, demonstrating that no brand, regardless of its prestige or resources, is safe from current cyber threats. The company's responsible response, refusing to pay the ransom and prioritizing transparency with customers and authorities, sets a positive precedent for the sector.

Effective protection against these attacks requires a comprehensive approach that combines advanced technology, continuous staff training and an organizational culture that prioritizes cybersecurity as a fundamental element of the business.

Does your company in the retail or luxury sector have the necessary security measures in place to prevent attacks such as the one suffered by Kering?

Prev Post
Next Post

Any questions?
We're happy to help!

CONTACT US TODAY!
info@apolocybersecurity.com
Data Controller: Apolo Analytics SL
Purpose: To process your request and respond to your message.
Legal Basis: Consent of the interested party upon submitting the form.
Recipients: Data will not be transferred to third parties, except under legal obligation.
Rights: You may exercise your rights of access, rectification, and deletion, among others, by sending an email to secretaria@apolocybersecurity.Com.
Additionall information: You can view the full information on our Privacy Policy.

Thank you!

Your message has been successfully received.
Oops! Something went wrong when submitting the form.
We are waiting for you!
Schedule a call
Project photo
send us an email
Project photo
+34 937948378
Project photo
Carrer de Sant Joan de la Salle 42, Barcelona, spain
Project photo
FAQScontactTERMS AND CONDITIONSWork with Us
Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
LEGAL NOTICEPRIVACY POLICYCookies
Privacy Settings
Copyright © 2025 Apollo Cybersecurity