TAG Heuer fined for data breach exposing information of 2,900 South Korean customers

TAG Heuer, the luxury watchmaker owned by LVMH Group, has been fined for a significant data breach affecting nearly 2,900 South Korean customers. The breach occurred between 2019 and 2020 during a cyberattack on the company’s website renovation, as reported by South Korea’s Personal Information Protection Commission (PIPC).

The cyberattack came to light when TAG Heuer was blackmailed by the hacker in 2023, leading the company to report the incident to the PIPC. The delay in reporting, alongside the breach itself, prompted a closed-door meeting by the PIPC in February 2024, where penalties were decided.

Following their investigation, the PIPC imposed a fine of 126 million won (approximately USD 90,712) on TAG Heuer for the data breach and an additional 7.8 million won (approximately USD 5,639) for the delayed reporting. These penalties highlight the commission’s stringent stance on data privacy and the necessity for prompt disclosure of security breaches.

South Korea is the first country to penalize TAG Heuer for this incident. A PIPC official emphasized the importance of this action, underscoring the country’s commitment to safeguarding personal data and holding companies accountable for security lapses.

The data breach has raised significant concerns among TAG Heuer’s South Korean customers, as the compromised information includes sensitive personal data. Although the specifics of the leaked data were not disclosed, such breaches typically involve names, financial information, and contact details, posing severe risks to the affected individuals.