Louis Vuitton data breach affects customers in Turkey, South Korea, and the UK

French luxury fashion house Louis Vuitton said the data security incident it suffered in June compromised the sensitive personal data of customers in Turkey, South Korean, and the UK.

 

In a data security incident notice published on its website, LV said that on July 2, it learned about a breach that occurred on June 8, when an unauthorised threat actor accessed its internal network and stole sensitive personal data of its South Korean customers.

 

Preliminary investigation revealed that the compromised data included first names, last names, contact information, and additional information provided by customers. LV has, however, confirmed that the compromised “database does not contain any financial information such as passwords, credit card information, bank account information, or other financial account information.”

 

Last week, in a press release, Turkey’s Personal Data Protection Board said the Turkish arm of LV also suffered a similar incident and that the company has launched an investigation into the same.

 

“The violation started on June 7, 2025 and was detected on July 2, 2025. The violation occurred with unauthorised access to the database containing the personal data of the customers; It was determined that a service account used by the administrator of a third-party service provider was compromised,” reads the press release.

 

The Turkish government agency also confirmed that 142,995 people were affected by the incident.

 

UK customers of the luxury brand were also affected by the incident. In an email sent to customers, LV confirmed that the internal network of its British operations was accessed by an unauthorised third party on July 2, 2025. 

 

The breach led to the theft of data, including names, contact details, and purchase histories, all of which could be exploited by cybercriminals. As with other incidents, LV assured customers that bank and credit card details were not compromised.