What Kering’s Cyber Attack Teaches Industries About AI

Cybercriminals have stolen customer data from Gucci, Balenciaga and Alexander McQueen after breaching parent company Kering.

This cyber attack following the one on JLR exposes the increasing sophistication of cyber attacks alongside AI’s development and how vulnerable luxury chains are becoming.

Kering confirms that hackers accessed “limited customer data from some of our Houses,” though stresses “no financial information – such as bank account numbers, credit card information or government-issued identification numbers – was involved.”

The attack, carried out by a hacker known as Shiny Hunters, resulted in the theft of names, addresses, emails, phone numbers and purchase histories from what the criminal claims are 7.4 million unique accounts. 

Particularly concerning is the stolen “Total Sales” data field, which records how much individual customers spend with each brand.

So what do these cyber attacks teach us about AI?

How AI transforms both attack methods and defence strategies

The breach demonstrates how AI is reshaping cybersecurity threats. 

Machine learning (ML) algorithms now enable criminals to create more sophisticated attacks while providing new defensive tools for security teams.

Spencer Young, Senior Vice President for Europe, Middle East and Africa at Delinea, a privileged access management company, positions current threats within this technological evolution: “Today’s breach, impacting millions of customers... is a stark reminder that ransomware and data theft has evolved into a shape-shifting, AI-enabled threat,” he says.

Large language models (LLMs) allow criminals to craft phishing attacks that are localised and language-specific, achieving higher success rates than mass-distributed attempts.

James Blake, Vice President of cyber resiliency strategy at Cohesity, a data management firm, describes how criminals are adapting: “Hackers are weaponising AI, exploiting systemic vulnerabilities, evading common security tools and targeting critical infrastructure with growing precision,” he says.

The sophistication means traditional security measures may prove insufficient against threats that adapt based on target responses. 

Companies must now treat cybersecurity as integral to supply chain continuity rather than a separate IT function, with every connection point representing a potential vulnerability.

“LLMs now allow criminals to craft phishing attacks that are localised, believable and language-specific, contributing to a high success rate,” James says.

The bigger picture

Kering says the breach originated from unauthorised access in April, with the criminal making contact in June attempting to extort Bitcoin payment. 

The company followed law enforcement guidance by refusing to engage or pay the ransom demand.

The incident follows a pattern of attacks targeting luxury brands including Cartier and Louis Vuitton. 

Google’s cybersecurity analysts link Shiny Hunters to a broader threat group called UNC6040, known for targeting third-party systems like Salesforce through social engineering techniques that trick employees into surrendering login credentials.

How supply chain vulnerabilities multiply attack surfaces

The breach highlights how luxury brands’ reliance on interconnected systems creates multiple vulnerabilities across their operations.

These companies depend on integrated networks covering customer relationship management, inventory tracking and global distribution that connect internal systems with external suppliers, warehouses and shipping partners.

When hackers compromise shared digital platforms or IT connections, the effects ripple through production lines, distribution centres and vendor networks. 

A breach of an outsourced system like Salesforce can provide backdoor access to core infrastructure.

Michael Tigges, Senior Security Operations Analyst at Huntress, a cybersecurity firm providing threat detection services, explains the broader implications: “The breach at Kering highlights how luxury retailers remain attractive targets for data theft, even when payment data isn’t exposed.”

He also notes that identity data alone enables criminals to impersonate legitimate users and potentially access other systems, using techniques including deepfake voice technology and AI-generated phishing content to make fraudulent communications more convincing.

This interconnectedness means that operational paralysis, delivery delays and stock shortages can result when systems are compromised or taken offline for security remediation.