Customers of the French luxury retailer Louis Vuitton are being notified of a data breach that appears to impact people in several countries.
Data breach notifications have been published on Louis Vuitton websites or privately sent out for customers in the United Kingdom, South Korea, and Turkey. Other countries may be impacted as well.
The cyberattack resulted in the theft of information such as name, contact information, and other data shared by customers. Passwords, payment card information and other financial details have not been obtained by the hackers, Louis Vuitton said.
The incidents reported in each country appear to be connected, based on the type of information that has been compromised and the date when the breach was detected, July 2.
Press releases issued in Korea and Turkey indicate that the hackers gained initial access nearly one month before the intrusion was detected.
In Turkey, the company reported that the breach impacted nearly 143,000 residents. The same statement reveals that the incident involved a compromised account related to a third-party service provider.
SecurityWeek has reached out to Louis Vuitton parent LVMH for additional information — including the number of affected countries and customers — and will update this article if the company responds.
It’s unclear if the company has been targeted in a ransomware attack. No known cybercrime group appears to have taken credit for the attack at the time of writing.
Louis Vuitton is not the only luxury retailer to have suffered a data breach in recent months. Cartier informed customers last month that their personal information was compromised following unauthorized access to its systems.
Adidas and Victoria’s Secret were also hit by cyberattacks in recent months.
UPDATE: Louis Vuitton has provided the following statement to SecurityWeek:
Louis Vuitton recently discovered an unauthorized party accessed some of the data we hold for our clients. We immediately began taking steps to investigate and contain this incident, supported by leading cybersecurity experts.
While our investigation is ongoing, we can confirm that no payment information was contained in the database accessed. We are working to notify the relevant regulators and affected clients in line with applicable law.
At Louis Vuitton, we truly value the trust our clients place in us and the confidential nature of our relationship. We sincerely regret any concern or inconvenience this situation may cause. We continuously work to update our security measures to protect against the evolving threat landscape, and we have taken steps to further strengthen the protection of our systems.
Related: UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks
Related: Four Arrested in UK Over M&S, Co-op Cyberattacks
Related: McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications
