South Korea fines Louis Vuitton, Dior and Tiffany $24.9 million over customer data breaches

South Korea’s privacy regulator has imposed a combined 36 billion won, or about $24.9 million, in fines on the Korean units of Louis Vuitton, Dior and Tiffany after determining that millions of customers’ personal details were exposed in separate data breaches.

The Personal Information Protection Commission approved the sanctions during a plenary meeting Wednesday, levying the largest penalty against Louis Vuitton Korea. The luxury fashion retailer was fined 21.4 billion won for a breach affecting approximately 3.6 million customers.

Regulators found that an external actor accessed personal data on three separate occasions by hacking into an employee device. The compromised information included user names, phone numbers and dates of birth. Investigators determined that the company maintained inadequate security controls for remote logins.

Christian Dior Couture Korea was fined 12.2 billion won after a data breach involving roughly 1.95 million users. The commission determined that employees had been deceived into granting malicious actors access to internal systems. The company did not detect the breach for three months.

Tiffany Korea was fined 2.4 billion won over a separate incident in which employees were similarly tricked into providing internal system access. The breach affected about 4,600 users. In both the Dior and Tiffany cases, exposed data included customer names and email addresses.

In addition to the luxury brands, the commission fined BKR, the operator of Burger King in South Korea, 924 million won for collecting personal data from children aged 13 or younger without obtaining consent from a legal guardian.

MGC Global, which operates the Mega MGC Coffee franchise, was fined 642 million won for sending marketing messages to customers who had not agreed to receive them.

The regulator also sanctioned eight other food and beverage companies for violations of the country’s personal information protection law.