"Louis Vuitton employees' devices were infected with malware, and their service-type software account information was stolen by hackers, resulting in the leak of personal information of approximately 3.6 million people on three separate occasions (June 9-13, 2025). Louis Vuitton introduced and operated the service-type software to manage purchasing customers since 2013, but it was found that it did not restrict access rights to Internet Protocol (IP) addresses, etc., and did not apply secure authentication methods when personal information handlers accessed the service from outside."
"The three brands are Louis Vuitton Korea Ltd., Christian Dior Couture Korea Co., Ltd., and Tiffany Korea Co., Ltd. All three brands are also required to post notices of the fines on their websites. According to the regulator, all three businesses suffered personal information leaks while using customer management services based on Software as a Service (SaaS*). Although not named, that SaaS would be Salesforce, as these attacks were part of the ShinyHunters Salesforce campaign. All three of these attackes were previously reported on this site in May - July of 2025."
South Korea's Personal Information Protection Commission imposed total fines of 36.033 billion won and penalties of 10.8 million won on three LVMH brands for leaking personal data. The affected brands are Louis Vuitton Korea, Christian Dior Couture Korea, and Tiffany Korea; each must post notices of the fines on their websites. All three breaches occurred while using customer-management SaaS tied to Salesforce and were linked to the ShinyHunters campaign. Louis Vuitton was fined 21.385 billion won after malware on employee devices and stolen service-account credentials exposed about 3.6 million people. Dior received 12.236 billion won in fines and a 3.6 million won penalty; its breach affected about 1.95 million customers.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]