Louis Vuitton reports data breach affecting South Korean customers

French luxury fashion house Louis Vuitton said it suffered a significant data security incident that compromised the sensitive personal information of its South Korean customers.

 

Owned by LVMH, Louis Vuitton is a French fashion house and luxury goods company known for its high-end leather goods, including handbags and luggage, shoes, accessories, jewellery, and watches. Some of the other brands under the LVMH umbrella include Louis Vuitton, Christian Dior, Givenchy, Kenzo, Moët & Chandon, Dom Pérignon, and Sephora.

 

In a data security incident notice published on its website, LV said that on July 2 it learned about a breach that occurred on June 8, when an unauthorised threat actor accessed its internal network and stole sensitive personal data of its South Korean customers.

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“We regret to inform you that an unauthorised third party has temporarily accessed our system and has leaked some customer information.

 

“This incident has now been blocked, and we are further strengthening the security of our systems and working with leading experts in cybersecurity,” LV said.

 

Preliminary investigation revealed that the compromised data included first names, last names, contact information, and additional information provided by customers. LV has, however, confirmed that the compromised “database does not contain any financial information such as passwords, credit card information, bank account information, or other financial account information.”

 

LV has notified the relevant authorities about the incident and has assured that it will share more details as they become available.

 

In May, other LVMH brands, including Dior and Tiffany, said they suffered data security incidents where threat actors stole personal data of its South Korean customers.

 

Similar to the incident involving LV Korea, the compromised data included names, phone numbers, email addresses, mailing addresses, and shopping preferences, however, threat actors did not access financial data such as bank account numbers, IBANs, or credit card information.