Louis Vuitton Is The Latest Luxury Brand To Suffer A Data Breach
The latest confirmed breach against Louis Vuitton's UK operations occurred on July 2. the investigation has found that customer information including names, contact details, and purchase histories was compromised, though crucially, no payment or financial data was part of the breach. Louis Vuitton has proactively informed affected customers and reported the incident to the UK Information Commissioner's Office. In its communication with customers, the brand asserts that immediate technical
measures have been taken to contain the breach, and that it's collaborating with external cybersecurity firms to conduct a thorough
forensic review, as well as improve its defenses.
This attack follows closely on the heels of similar breaches that hit Louis Vuitton's South Korean division and, previously, Christian Dior Couture, another prominent LVMH brand. While no specific group has claimed responsibility, BleepingComputer suggests a connection to the infamous ShinyHunters extortion group. The method of attack appears to involve unauthorized access to a third-party vendor's database, a vulnerability also believed to have impacted sports brand Adidas.
No one's sure exactly why just yet, but the cyber landscape has become increasingly treacherous for luxury brands. Here's a non-exhaustive list of high-profile companies that have experienced recent data attacks in the last few months:
- Apart from Louis Vuitton and Christian Dior Couture, Tiffany & Co. (also part of the LVMH group) experienced a customer data breach this year.
- In early June, luxury jeweler and watchmaker Cartier disclosed a data breach that compromised customer names, email addresses, and countries of residence. No sensitive financial information or passwords were exposed.
- In the UK, major retailers like Marks & Spencer (M&S), Co-op Group, and luxury department store Harrods have also been subjected to cyberattacks.
- Victoria's Secret experienced a security incident in May that led to a temporary shutdown of its U.S. website.
- Outdoor apparel retailer The North Face notified customers of a credential stuffing attack in April, resulting in the theft of personal information.
- In May 2024, luxury retailer Neiman Marcus was affected by a security incident linked to a cloud database provider, impacting over 60,000 customers with compromised personal information and gift card numbers.
