21.07.2025
2 min
484
Dior has begun sending out notifications to its US customers about a data breach — hackers gained access to a database with names, addresses, dates of birth, and even passport and SSN numbers. The vulnerability was reported in January, but the company only learned about it 3 months later.
French fashion house Dior, part of the LVMH group, reported that on January 26, 2025, an unauthorized party gained access to one of its customer databases. The company only learned about the incident on May 7, after which it launched an internal investigation and engaged external cybersecurity experts.
The audit revealed that the attackers obtained the following personal data:
The good news: No bank or credit card details were stored in the database, so no financial information was compromised.
Dior is urging customers to be vigilant about fraud and phishing. The letter offers a free 24-month credit monitoring and identity theft protection package that can be activated until October 31, 2025.
This incident coincides with previously reported leaks in South Korea and China, which Dior reported in the spring. It also recently became known about a similar attack on Louis Vuitton, another LVMH brand, which was affected in the UK, Turkey and Korea.
BleepingComputer journalists have learned that both incidents were part of the same attack, most likely by the ShinyHunters group, which gained access to the data through a compromised third-party provider.
Even giants like Dior and Louis Vuitton are not immune to leaks, especially when it comes to chain attacks via third-party contractors. This incident is another reminder of how important proactive data security and rapid response are. Dior has chosen the path of openness, but now it is up to users to take advantage of the offer to protect their identities.
