Kering 2025 Data Breach

Kering Luxury Fashion Group Breach (Salesforce, 2025): 56 Million Customer Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersRetail:LuxuryEmail AddressPhone NumberPhysical Address
Moderate SeverityWebsite / service breach

Kering Luxury Fashion Group Breach (Salesforce, 2025): 56 Million Customer Contact Records Exposed

Luxury goods holding company.

Verified by ObscureIQ Intelligence
48/100Breach Risk Index
10Data Value
40Market Recency
206dSince Breach

Breach Intelligence Summary

Entity: Kering · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Luxury goods and fashion brands · Global brand group · Global
Timeline: Breach (2025-10-10) · Indexed (Oct 03, 2025) · Year (2025)
Exposure: 56.4M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported

Executive Summary

Kering, the French luxury goods group behind Gucci, Balenciaga, Bottega Veneta, Saint Laurent, Brioni, and Alexander McQueen, was caught up in a broad supply chain attack targeting Salesforce, the customer relationship management platform used across Kering's retail operations. A threat actor group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of the stolen data on October 3, 2025, announcing a full release scheduled for October 10. Kering was one of roughly 39 organizations listed on the group's dark web leak site as part of the same campaign. The breach affected an estimated 56.4 million customer records. The exposed data includes names, dates of birth, email addresses, phone numbers, and home addresses, along with Salesforce system metadata and purchase amount data. Because Kering's customer base skews heavily toward high-net-worth individuals, the combination of personal contact details and luxury purchase context makes this dataset particularly useful to fraudsters. Attackers can use it to craft convincing phishing messages, impersonate brand representatives, or target wealthy individuals for procurement fraud and social engineering schemes. Kering has not made detailed public statements about the scope of its exposure in this campaign. No regulatory actions or individual notifications have been confirmed as of the time of writing. Affected customers should be alert to unsolicited contact claiming to be from Gucci, Balenciaga, or other Kering brands, and treat any requests for payment details or account credentials with suspicion.

ObscureIQ assessment: High risk of phishing, procurement fraud, and affluent-customer targeting. Group-level data can also help attackers map brand relationships and high-value retail operations.

Breach Impact

Kering was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025, with customer contact data including email addresses, phone numbers, and home addresses published as part of the Salesforce campaign. Security researchers noted that the Kering dataset represented a particularly high-value target because Gucci and other Kering brand customers include high-net-worth individuals — making the combination of names, contact information, and luxury purchase context useful for social engineering and fraud targeting wealthy consumers. Kering has not made detailed public statements about the specific scope of its exposure in this campaign.

About Kering

Kering is a French multinational luxury goods holding company that owns and manages a portfolio of high-end fashion and lifestyle brands including Gucci, Saint Laurent, Bottega Veneta, Balenciaga, Alexander McQueen, Brioni, and others. Headquartered in Paris, the company is publicly listed on Euronext Paris and operates across more than 100 countries through owned retail boutiques, wholesale accounts, and e-commerce platforms. Kering is one of the two dominant players in the global luxury goods conglomerate market alongside LVMH.

Why They Hold Your Data

Luxury brand groups collect customer, employee, vendor, clienteling, and commerce records across multiple fashion and luxury houses, including contact, purchase, and operational data.

Recent Developments

Kering has faced a challenging period for luxury goods demand, particularly at Gucci, its largest revenue contributor, which saw significant sales declines beginning in 2024. The company has brought in new creative leadership at Gucci and undertaken strategic repositioning efforts across the brand. Kering divested several assets and has been focused on margin and portfolio management amid softer global luxury demand.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Kering breach?

Kering, the French luxury goods group behind Gucci, Balenciaga, Bottega Veneta, Saint Laurent, Brioni, and Alexander McQueen, was caught up in a broad supply chain attack targeting Salesforce, the customer relationship management platform used across Kering's retail operations. A threat actor group…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation