Louis Vuitton, Dior, and Tiffany Fined $25 Million Over Data Breaches

Related

KDDI Confirms Zero-Day Exploit Behind Breach Affecting 12 Million People

What happened KDDI has updated its earlier breach disclosure, confirming...

Aflac Japan Data Breach Impacts 4.38 Million Customers and Agents

What happened Aflac Life Insurance Japan disclosed a data breach...

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

What happened Nissan disclosed a data breach affecting current and...

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

What happened Japanese telecommunications operator KDDI disclosed a data breach...

Xsolis Data Breach Affects 1.4 Million Individuals

What happened Healthcare technology company Xsolis disclosed a data breach...

Share

What happened

South Korea has fined luxury brands Louis Vuitton, Christian Dior Couture, and Tiffany a combined $25 million following data breaches that exposed customer information. According to South Korea’s Personal Information Protection Commission (PIPC), the breaches occurred after attackers gained access to the companies’ cloud-based customer management systems. In Louis Vuitton’s case, malware on an employee’s device enabled access to the software-as-a-service platform, exposing data from 3.6 million customers. Dior’s breach stemmed from a phishing attack on a customer service employee, compromising data belonging to 1.95 million customers, while Tiffany was breached through voice phishing that exposed 4,600 clients. Exposed information included names, phone numbers, email addresses, postal addresses, and purchase histories. The regulator found that the companies failed to implement adequate access controls and secure authentication measures. 

Who is affected

More than 5.5 million customers of Louis Vuitton, Christian Dior Couture, and Tiffany were affected, with personal information exposed after attackers accessed cloud-based customer management systems used by the companies. 

Why CISOs should care

The breaches demonstrate how compromised employee access and weak authentication controls in cloud-based customer management platforms can result in large-scale exposure of customer data and regulatory penalties. 

3 practical actions

  • Enforce secure authentication controls. Implement strong authentication mechanisms for access to cloud-based customer management systems.
  • Restrict and monitor access rights. Apply IP-based restrictions and monitor access logs to detect unauthorized access attempts.
  • Strengthen phishing defenses. Improve protections and training to reduce risks from phishing and social engineering targeting employees.
IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.