Personal data potentially compromised, payment information unaffected.
Louis Vuitton has notified customers that their personal data may have been compromised.
Saying it became aware of the breach on July 2nd, according to screenshots featured in media reports, the fashion giant said personally identifiable information (PII) including names, gender, country, phone number, email and postal address, date of birth, purchases and preference data may have been compromised.
“Given the nature of the data involved, we warmly recommend that you remain vigilant against any unsolicited communication or other suspicious correspondence, including emails, phone calls or text messages,” the message stated.
“While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorised use of your information may occur.”
Payment Information
It said in a further statement that no payment information was contained in the database accessed.
The incident is the third attack against parent LVMH, after cyber-criminals broke into the Korean subsidiary of Louis Vuitton last week and stole sensitive files, while another LVMH fashion label, Christian Dior, suffered a hack in May.
James Hadley, founder and chief innovation officer at Immersive, said the data breach affecting Louis Vuitton UK customers will be hugely damaging to the brand’s reputation as the core customer base includes high-net-worth individuals; therefore, customers would have expected extra precautions to be taken to protect their personal information.
“The personal information of high-profile individuals is perceived as more valuable by cyber-criminals, and with the recent string of retail breaches, attackers may have felt emboldened,” he said.
“Louis Vuitton has confirmed there is no evidence that the stolen data has been misused; however, that is no guarantee for the future. Cyber-criminals have been known to hold on to data for months before selling it on the dark web or launching phishing campaigns.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
