Data breach at Dior: Customer information compromised in cyber incident
Dior and another LVMH-owned brand, Louis Vuitton, have recently fallen victim to a suspected cyberattack by the group known as ShinyHunters.
On July 24, 2025, the Information Commissioner's Office (ICO) issued a statement regarding the Dior incident at 12.53 UTC. The statement confirmed that Dior's January 26, 2025 data breach compromised the personal information of its customers. The breached database contained customer information, including full names, addresses, contact details, dates of birth, passport or government ID numbers, and in some cases, Social Security numbers.
However, it's important to note that payment details, such as bank account and payment card information, were not stored in the breached database.
Regarding the number of individuals affected by the Dior breach, a detailed breakdown per state in the U.S. is not publicly available. Dior has sent notification letters to impacted customers and reported to several U.S. state Attorney General offices, indicating a broad geographic impact. However, exact state-by-state figures have not been disclosed.
As for the United Kingdom, no specific data or official confirmation regarding the breach affecting UK customers has been publicly detailed as of the latest information from July 2025. Reports focus primarily on the U.S. clients and notifications.
In a separate incident, Bleeping Computer reported that Louis Vuitton's data breach occurred during a cyberattack on their system, with the intrusion traced back to January 26. Customer data from Louis Vuitton was accessed in the UK, South Korea, Turkey, Italy, and Sweden. The exact number of individuals affected by this breach is also not known.
The ICO is currently assessing the information provided by Dior, and the ICO has made a statement regarding the Dior incident following the publication of this article. LVMH-owned Dior confirmed a data breach in a breach notification letter to California's attorney general. In separate filings with the Texas and Washington attorneys general, it was revealed that 9,716 and 10,878 individuals had their data stolen, respectively.
If you are a Dior or Louis Vuitton customer in any region, it is advisable to monitor for breach notifications and consider credit monitoring services where offered. It's not clear whether UK-based Dior customers were affected by the breach, so vigilance is important.
The breaches are believed to be part of a coordinated assault on the wardrobes of the world's well-heeled, raising concerns about the security of personal data held by luxury brands. The investigation into these incidents is ongoing, and updates will be provided as more information becomes available.
- In light of the ongoing investigation, it would be prudent for technology firms specializing in AI and cybersecurity to scrutinize the security measures of luxury brands like Dior and Louis Vuitton, as their recent data breaches have raised concerns about the protection of personal finance information.
- As financial institutions continue to digitalize customer data, there is an increased need for cooperative efforts between AI, technology, and cybersecurity sectors to ensure robust defense systems against sophisticated attacks like the one perpetrated on Dior and Louis Vuitton, safeguarding the integrity of sensitive financial information.
