In an increasingly digitalized world, luxury brands are not exempt from the risks inherent to technological advancement. Digital transformation has revolutionized the way these companies interact with their customers, manage their operations, and position their products in the global market. However, this shift towards digital has also exposed the world’s most exclusive firms to a growing threat: cyberattacks.
What was once a concern mainly associated with the financial sector or governmental institutions has now fully reached industries traditionally focused on experience, aesthetics, and exclusivity. The personal information of high-net-worth consumers, records of million-dollar purchases, and interconnected logistics systems have become attractive targets for cybercriminals.
A recent case that has deeply shaken the industry is the cyberattack suffered by Kering, the French group that owns some of the most influential luxury brands in the world, such as Gucci, Balenciaga, Bottega Veneta, and Alexander McQueen. This cyberattack, publicly disclosed in September 2025, exposed not only the fragility of the digital infrastructures of multibillion-dollar companies but also the global and sophisticated reach of criminal organizations operating in cyberspace.
The massive data breach — including names, email addresses, physical addresses, phone numbers, and amounts spent — has raised alarms throughout the sector. The cyberattack not only raises urgent questions about data security but also puts at risk the reputation, consumer trust, and sustainability of the luxury business model in the digital era.
Kering and the data theft: A high-profile case
On September 15, 2025, the BBC reported that hackers had stolen the private details of millions of Kering customers, a group whose importance in the fashion and luxury industry is undeniable. Kering confirmed that, in June of that same year, an unauthorized third party had temporarily accessed its systems, resulting in the breach of some customer’s personal information.
Although the group did not specifically reveal which brands were affected by the cyberattack, it did confirm that the compromised data was limited and did not include sensitive financial information such as credit card numbers or bank accounts. Despite this, the cyberattack managed to expose critical personal data, including names, addresses, phone numbers, and, even more concerning, the total amounts spent by customers in the group’s luxury stores.
The information leaked from the cyberattack was valued not only because of the quantity of data obtained but also due to the nature of this data, as Kering’s customers are mostly individuals with high purchasing power. The group of hackers known as "Shiny Hunters" claimed responsibility for the cyberattack, stating they had obtained information linked to 7.4 million unique email addresses.
In addition, the cybercriminals demanded a ransom in Bitcoin, a common practice among hackers seeking to monetize data breaches. However, Kering refused to pay the ransom, following the recommendations of the authorities.
The growing threat of cyberattacks in the luxury industry
The cyberattack on Kering is not an isolated incident, but rather part of a growing trend of cybercrimes targeting the luxury sector. This type of attack has increased significantly in recent years, and many of the world’s most prestigious brands have fallen victim to security breaches.
For instance, in July 2025, LVMH, the world’s largest luxury conglomerate, confirmed a data breach affecting several of its brands, including Louis Vuitton, Christian Dior, and Tiffany. Similarly, in June of the same year, Cartier — one of the world’s most exclusive jewelry brands and part of the Richemont group — was also targeted by a cyberattack.
These cyberattacks, while varying in scale and the specific data leaked, share a common pattern: cybercriminals are targeting luxury brands because of their high-value and exclusive customer base. People who shop at these brands typically spend large amounts of money, making their personal data an attractive target for hackers. Moreover, the stolen data can be used for fraud, extortion, or even illegal information trading.
Luxury brands like Gucci, Balenciaga, and Louis Vuitton have invested heavily in building a reputation of exclusivity and trust. Therefore, the exposure of personal data not only endangers customer security but can also have a devastating impact on brand reputation. Trust — the foundation of the relationship between these brands and their consumers — is severely undermined when an attack of this kind occurs.
The vulnerability of luxury brands to cyberattacks
The luxury sector is particularly vulnerable to cyberattacks for several reasons. First, luxury brands have very exclusive clients, and thus, the data of these individuals is extremely valuable. Purchases made by luxury consumers often include high-value items and reflect a lifestyle and social status that can be exploited by cybercriminals.
In addition, many of these brands have not yet implemented sufficiently strong cybersecurity measures. While some companies in the sector have begun allocating resources to improve their technological infrastructure, a report by Bain & Company in collaboration with the Comité Colbert — which brings together French luxury brands — reveals that only a small fraction of those resources is dedicated to internal cybersecurity.
The study notes that 40% of luxury brands’ technology investments are aimed at enhancing customer experience, while only 21% are allocated to strengthening cybersecurity. This reveals a discrepancy in how luxury brands prioritize their technological strategies.
Often, more is invested in areas that enhance the customer experience, such as personalized services or e-commerce platforms, while internal security measures — which are essential for protecting consumers’ sensitive data — receive less attention. This lack of focus on data protection is further worsened by the fact that many brands rely on external providers to manage key aspects of their digital infrastructure, which increases the risk of cyberattacks due to third-party vulnerabilities.
The relevance of cybersecurity in the luxury industry
Cybersecurity is an increasing concern not only in the luxury sector, but across all industries that handle large volumes of data. However, the luxury industry is in a unique position due to the nature of its clients and the exclusivity of its products.
Luxury brands do not just sell products; they sell a lifestyle, an image, and an emotional connection with their clients. This connection, based on trust and privacy, is deeply affected when consumers' personal data is compromised.
It is essential that luxury brands adopt a more comprehensive and proactive approach to cybersecurity to prevent large-scale cyberattacks. According to the report by Bain & Company, Chief Information Officers (CIOs) in these brands are more aware of the importance of cybersecurity than Chief Executive Officers (CEOs).
This suggests that CIOs are often more focused on digital protection than CEOs, which can lead to a lack of strategic alignment in key business decisions. To address this issue, experts suggest that CIOs and CEOs must work together to integrate cybersecurity into the company's overall strategic vision.
The issue is not only technical but also cultural. The luxury industry has historically been oriented toward exclusivity and strict control over product quality. However, digitalization has changed the way brands interact with consumers. Personal data and online transactions are now a crucial part of the business, and brands must adapt to this new reality in order to protect their clients from cyberattacks.
Economic and reputational effects for Kering
The cyberattack on Kering comes at a particularly delicate moment for the group. In 2025, a decline in global luxury sales is anticipated, ranging between 2% and 5%. However, Kering reported a 16% drop in revenue during the first half of the year, with revenue of 9 billion dollars (approximately 7.6 billion euros). This economic setback follows a 12% drop in 2024, adding even more pressure to a company already struggling to maintain its growth.
The data breach only worsens the situation. The personal and financial information exposed by the cyberattack jeopardizes customer trust in the brand. The large sums of money some of these consumers spend on luxury products may make them feel insecure and less willing to continue purchasing from brands that do not guarantee the protection of their data. In this context, cybersecurity management is not only a technical issue but also a matter of survival for the brand.
What can luxury brands do to protect themselves?
The cyberattack on Kering highlights the urgent need for luxury brands to invest in more robust cybersecurity measures. As the industry faces a growing threat from cybercriminals, it is crucial that brands adequately prepare to protect their customers' information from cyberattacks. Some of the key actions luxury brands can take to strengthen their cybersecurity include:
- Investing in internal cybersecurity: Brands should allocate more resources to protect their internal systems and networks. This includes implementing advanced firewalls, intrusion detection systems, data encryption, and multi-factor authentication measures at all access points.
- Reviewing relationships with external vendors: Luxury brands must carefully evaluate the security of third-party vendors managing their technology platforms. By reducing reliance on third parties and reinforcing their own infrastructures, brands can minimize security vulnerabilities.
- Ongoing awareness and training: Employees are the first line of defense against cyberattacks. Therefore, it is essential that brands train their staff in cybersecurity best practices and in identifying potential threats, such as phishing emails or platform vulnerabilities.
- Collaboration between CIOs and CEOs: Cybersecurity must be a shared priority between CIOs and CEOs. Both must work hand in hand to ensure that business decisions support not only economic growth but also the protection of customer data and privacy.
- Transparency with clients: It is vital that brands be transparent in the management of security incidents. While brands must protect their own interests, they must also be honest with their clients about data breaches and the steps being taken to mitigate risks.
The cyberattack on Kering is a clear reminder that cybersecurity is no longer an optional luxury, but an urgent and top-priority necessity for all companies — especially those operating in the luxury segment. Brands in this sector not only handle information of high economic value, but also the personal data of clients who expect confidentiality, exclusivity, and a flawless experience on every level.
A data breach can compromise not only consumer security but also the very essence of luxury: absolute trust and discretion. Thus, the cyberattack on Kering is not an isolated case, but a symptom of a systemic vulnerability that must be addressed with seriousness and long-term vision.
To confront these cyberattack challenges, it is imperative that luxury companies adapt their internal structures and organizational culture to the demands of the digital era. It is not enough to react to an attack; it is necessary to anticipate it. This means sustained investment in robust technological infrastructure, building specialized cybersecurity teams, establishing incident response protocols, and, above all, integrating cybersecurity into high-level strategic decision-making.
Collaboration between technical and executive departments is key to ensuring that technology investments are not limited to customer experience, but also reinforce the protection of information and digital assets. In this new environment, the ability to prevent, mitigate, and effectively respond to cyber threats will be a key differentiator between the brands that thrive and those that fall behind.
Ultimately, those luxury brands that embrace cybersecurity as an essential part of their corporate identity will be better positioned to preserve their reputation, retain their clients, and ensure their continuity in an increasingly complex business environment exposed to cyberattacks. The prestige that has been built over decades through excellence in design, quality, and personalized attention now also depends on the ability to protect the data and privacy of those who place their trust in these brands.
Cybersecurity is no longer just a technical matter — it is a new frontier of luxury. If you would like to learn about the latest measures against cyberattacks, write to us at [email protected]. We have a team of cybersecurity experts ready to assist you.
EN 
ES