A cyberattack exposes personal details of high-end shoppers, leaving them sleepless about privacy and phishing threat escalations in the near future.
On 7 May 2025, French luxury brand detected unauthorized access to a customer database, subsequently disclosing that a data breach had impacting customers in multiple countries, especially China and South Korea.
The compromised information includes names, gender, phone numbers, email addresses, mailing addresses, purchase history, and shopping preferences. No financial data such as bank account numbers, International Bank Account Numbers or credit card details had been stolen.
Upon discovering the incident, Dior had immediately taken steps to contain it, launched an investigation with cybersecurity experts, and begun notifying affected customers via SMS and other means.
The firm has also reported the breach to relevant regulatory authorities, and issued a formal apology for the incident. Affected customers will need to remain vigilant for suspicious communications, such as emails, calls, or messages that may attempt to exploit the leaked personal information.
While the exact number of affected customers has not been disclosed, only those whose data was compromised have received direct notifications.
Industry observers have pointed out that the Dior breach is part of a wider wave of cyberattacks targeting major retailers and luxury brands, with recent incidents affecting brands such as Marks & Spencer and Harrods.
Said Marijus Briedis, Chief Technology Officer, NordVPN: “Dior may have contained the damage, but the ripple effects land squarely in the customer’s inbox. Now is the time for consumers to get serious about password hygiene, watch for targeted scams, and treat every message skeptically.” This was in reference to the standard best practices for the aftermath of a data breach, such as tightening password hygiene, enabling multi-factor/biometric authentication features, and stepping up vigilance on all accounts that were accessible with the breached information.
According to other experts such as Jake Moore, Global Cybersecurity Advisor, ESET, retail and luxury brands are prime targets due to the high-value personal data they hold.
