Cybercriminal group Shiny Hunters stole the personal data of up to 7.4 million customers of Balenciaga, Gucci, and Alexander McQueen by breaching parent company Kering’s systems in April. The stolen data includes names, emails, phone numbers, addresses, and total spending at luxury stores, but no financial details (credit cards, bank data) were taken.

Kering says it has secured its systems, reported the breach to authorities, and notified affected customers but is not legally required to make a public announcement. Shiny Hunters claims to have tried negotiating a Bitcoin ransom, which Kering denies paying.

The exposed “Total Sales” figures raise concern that high-spending customers (some spending $30k–$86k) could be targeted for scams or extortion. This breach is part of a broader wave of attacks on luxury brands, with Google also recently warning about similar attacks linked to Shiny Hunters (aka UNC6040).

For individuals who may have been affected, experts recommend staying alert for phishing attempts and scams, being cautious with any unexpected messages or calls, and verifying bank communications by using official contact numbers rather than trusting incoming calls. It’s also advised to change passwords, avoid reusing them across multiple accounts, and enable two-factor authentication where possible to reduce risk of further compromise.