Dior notifies US customers of data breach involving sensitive personal information

Luxury fashion house Dior has begun notifying U.S. customers that their personal information was compromised during a cybersecurity incident earlier this year, which may be part of a broader attack on the LVMH Group, the world’s largest luxury conglomerate.

In breach notification letters sent to affected individuals, Dior said the unauthorized access occurred on January 26, 2025, but was only discovered on May 7. Following the discovery, the company launched an internal investigation and engaged third-party cybersecurity experts to assess the scope and secure its systems.

“Our investigation determined that an unauthorized party was able to gain access to a Dior database that contained information about Dior clients,” the company said in the notice. Dior emphasized that the breach was promptly contained and stated there is currently no evidence of ongoing unauthorized access to its systems.

Exposed data includes full names, contact details, mailing addresses, dates of birth, and, in some cases, passport or government-issued identification numbers and Social Security numbers. Dior clarified that no payment card or bank account information was stored in the affected database.

The company is offering 24 months of complimentary credit monitoring and identity theft protection to impacted customers, with enrollment open through October 31, 2025. Recipients are advised to remain alert for phishing attempts and monitor their financial accounts for suspicious activity.

The breach appears to be part of a larger cyberattack linked to the hacking group ShinyHunters, which reportedly targeted LVMH by breaching a third-party vendor’s database. This same campaign has also affected other LVMH brands, including Louis Vuitton, which recently reported similar data exposures involving customers in the UK, South Korea, and Turkey.

Dior had previously confirmed related impacts in South Korea and China. While the company has not disclosed how many U.S. customers were affected, BleepingComputer reports that the incidents at Dior and Louis Vuitton were connected, raising the possibility that additional disclosures may follow.