Dior Alerts U.S. Customers to Data Breach Incident
▼ Summary
– Dior is notifying U.S. customers about a data breach that occurred on January 26, 2025, compromising personal information like names, addresses, and IDs.
– The breach was discovered on May 7, 2025, and Dior confirmed no payment details were exposed, though sensitive data like Social Security numbers were affected.
– Dior engaged cybersecurity experts and law enforcement, offering affected customers free 24-month credit monitoring until October 31, 2025.
– The breach is linked to the same cyberattack affecting Louis Vuitton, another LVMH brand, believed to be orchestrated by the ShinyHunters group via a third-party vendor.
– The incident also impacted Dior customers in South Korea and China, but the exact number of affected U.S. customers remains undisclosed.
Luxury fashion giant Dior has begun notifying U.S. customers about a data breach that exposed sensitive personal information earlier this year. The incident highlights growing cybersecurity risks facing high-profile brands, particularly those handling vast amounts of customer data.
Dior, the prestigious French fashion house owned by luxury conglomerate LVMH, confirmed unauthorized access to a client database on January 26, 2025. However, the company only detected the breach on May 7, prompting immediate internal investigations. With annual revenues exceeding $12 billion, Dior operates an extensive global retail network, making this breach particularly concerning for its high-end clientele.
According to breach notifications sent to affected individuals, compromised data includes full names, contact details, physical addresses, and dates of birth. For some customers, more sensitive details such as passport numbers, government ID information, and Social Security Numbers were also exposed. The company emphasized that financial data, including payment card and bank account details, remained secure as they were not stored in the affected database.
Dior has taken steps to contain the breach, working with law enforcement and cybersecurity experts to assess the damage. The company maintains there is no evidence of further unauthorized access following the initial incident. Affected customers are being offered 24 months of complimentary credit monitoring and identity theft protection, with enrollment available until October 31, 2025.
This breach appears connected to a broader cyberattack targeting LVMH brands. Earlier disclosures revealed similar incidents affecting Dior customers in South Korea and China, while sister brand Louis Vuitton reported breaches impacting clients in the UK, South Korea, and Turkey. Security researchers suspect the attacks may be linked to ShinyHunters, a notorious cybercriminal group known for exploiting third-party vendor vulnerabilities.
Customers are urged to monitor financial accounts for suspicious activity and remain cautious of potential phishing scams. While Dior has not disclosed the exact number of affected U.S. customers, the breach underscores the importance of robust data protection measures in an era of increasingly sophisticated cyber threats. The fashion house has yet to respond to inquiries regarding the full scope of the incident.
(Source: BLEEPING COMPUTER)
