How Cybercriminals Cracked Luxury Retail Supply Chains

The consumer databases of Gucci, Balenciaga and Alexander McQueen have been compromised in a ransomware attack that exposes just how fragile luxury retail’s supply chain security remains.

Personal details, purchase histories and contact information from these high-end brands are now in criminal hands, following an intrusion into the systems of parent company Kering.

The breach aligns with a wider pattern of cyber threats across supply chains, including earlier September attacks on JLR.

Kering confirmed the breach involved access to "limited customer data from some of our Houses" and stresses "no financial information – such as bank account numbers, credit card information or government-issued identification numbers – was involved."

However, the type of data stolen still holds serious implications for supply chains, retailers and customers alike.

What's at risk? 

The attack, carried out by a hacker known as Shiny Hunters, resulted in the theft of names, addresses, emails, phone numbers and a data field labelled "Total Sales" – which records how much individuals spend with each brand.

This type of data, especially linked to high-value spenders, poses a clear risk for identity theft, targeted scams or further phishing attacks.

Shiny Hunters claims to have data from 7.4 million unique email addresses. While Kering has not confirmed a total figure, it has contacted affected individuals directly but made no public disclosure – a move permitted under data laws as long as personal notifications are issued.

Kering says the breach originates from unauthorised access in April. The criminal makes contact in June, attempting to ransom the data in Bitcoin.

Kering denies all communication with the hacker and says it follows law enforcement guidance by refusing to engage or pay.

The incident follows similar breaches affecting brands like Cartier and Louis Vuitton. Cyber security analysts, including those at Google, link Shiny Hunters to a wider threat group they call UNC6040, known for targeting third party systems like Salesforce through social engineering – tricking staff into handing over login credentials.

Retail supply chain exposed

The implications of this breach go beyond customer records. Cybersecurity in luxury retail supply chains is now a front-line issue.

These companies rely on interconnected systems covering ecommerce, customer relationship management, inventory and global logistics. If attackers breach these systems, the effects ripple through production lines, distribution centres, fulfilment pipelines and third-party vendor networks.

Luxury brands, in particular, work with numerous external suppliers, warehouses and shipping partners. Any compromise in a shared digital platform or IT link can expose the entire chain.

In some cases, the breach of an outsourced system such as Salesforce can give criminals a backdoor into core infrastructure. This introduces the risk of operational paralysis, delays in product delivery and gaps in stock availability.

Michael Tigges, Senior Security Operations Analyst at Huntress, explains: "The breach at Kering highlights how luxury retailers remain attractive targets for data theft, even when payment data isn’t exposed."

He stresses that access to identity data alone can allow criminals to mimic real users and gain access to other systems, potentially using tools like deepfake voice clones and AI-generated phishing content.

AI intensifies the cybersecurity threat 

The breach also shows how the use of AI is reshaping the methods of attack.

Spencer Young, SVP EMEA at Delinea, says: "Today’s breach, impacting millions of customers... is a stark reminder that ransomware and data theft has evolved into a shape-shifting, AI-enabled threat."

He advocates for strategies such as zero trust architecture, Privileged Access Management and continuous credential monitoring to protect supply chain systems.

James Blake, Vice President of Cyber Resiliency Strategy at Cohesity, adds: "Hackers are weaponising AI, exploiting systemic vulnerabilities, evading common security tools and targeting critical infrastructure with growing precision."

He notes that LLMs now allow criminals to craft phishing attacks that are localised, believable and language-specific, contributing to a high success rate.

The breach, while not involving direct payment data, still opens the door to wide-scale operational risk. Reputational harm, regulatory scrutiny and operational delays now threaten luxury retailers unless new protective systems are adopted.

Even in the absence of financial records, customer confidence can fall sharply when personal data and purchase histories are exposed.

Retailers must now consider that cybersecurity is no longer isolated to IT departments but is central to supply chain continuity.

Every link – from the customer interface to backend logistics – becomes a potential vulnerability. The need to defend these systems with active monitoring, identity protection tools and AI-driven response strategies is more pressing than ever.

Kering says its systems are now secure. In a sector where exclusivity and trust define brand loyalty, luxury houses like Gucci, Balenciaga and Alexander McQueen face an urgent challenge – keeping their digital and physical supply chains secure at all levels.