French luxury fashion giant Dior is notifying customers that their personal information was likely compromised in a January 2025 data breach.
The incident, the company says, occurred on January 26, 2025, and involved unauthorized access to a database containing information about Dior clients.
“The House of Dior recently discovered that an unauthorized external party accessed some of the data we hold for our Dior Fashion and Accessories customers,” the company says in a notice on its website.
In notification letters sent to the impacted customers, copies of which were submitted to the Attorney General’s Offices in several states, Dior reveals that the compromised database contained a trove of personal information.
The exposed data, it says, includes names, addresses, contact details, dates of birth, passport and government ID numbers, Social Security numbers, and other information that customers provided.
According to the fashion house, however, no payment information, such as bank account details or credit card data, was stored in the compromised database.
Dior detected the intrusion on May 7 and immediately implemented measures to contain the incident and launched an investigation into the matter, with support from external experts.
“The third-party cybersecurity experts have verified that the incident is contained, and that there is no evidence that the unauthorized third party was able to access Dior systems except on January 26, 2025,” the company says.
The fashion giant is providing the impacted individuals with 24 months of free credit monitoring and identity theft insurance services.
Dior’s data breach notification letters came out the same week as Louis Vuitton disclosed a cyberattack that impacted customers in the UK, South Korea, Turkey, and possibly other countries as well. Both luxury fashion retailers are part of the LVMH (Moët Hennessy Louis Vuitton) group.
Dior initially disclosed the intrusion in mid-May, when it published incident notices on its websites in South Korea and China. However, it appears that customers in the US and other countries were impacted as well.
The company has not shared details on how the intrusion occurred or how many individuals were impacted and it is unclear who was behind the attack. SecurityWeek has reached out to Dior parent LVMH for a statement on the matter and will update this article if the company responds.
Related: Marketing, Law Firms Say Data Breaches Impact Over 200,000 People
Related: 1.4 Million Affected by Data Breach at Virginia Radiology Practice
Related: Data Breach at Debt Settlement Firm Impacts 160,000 People
Related: Qantas Confirms 5.7 Million Impacted by Data Breach
