Louis Vuitton Korea’s IT systems were compromised in June by hackers who accessed some data, the LVMH unit said, in the second such incident affecting the luxury brand’s subsidiaries in recent months.
The South Korean unit said an “unauthorised third party” accessed its systems on 8 June and some customer information was leaked.
The data did not include financial data such as payment card or bank account details and the incident has been contained, it said.
Multiple incidents
Louis Vuitton Korea said it is investigating the attack, has notified authorities and is “strengthening the security of our systems” and working with third-party experts.
LVMH’s second-largest fashion brand, Christian Dior Couture, said in May it was targeted by hackers who stole customer data in an incident reported by Le Monde to have taken place in January.
The incident follows a major breach of the systems of Australian airline Qantas last week that it said breached a third-party system containing the records of some 6 million customers.
The system targeted was a third-party platform used by the airline’s customer contact centre, Qantas said.
The system held customer data including names, email addresses, phone numbers, birth dates and frequent flyer numbers, but no payment card details, financial information or passport details, Qantas said.
Data theft
The Qantas breach came days after US authorities warned that the hacking group Scattered Spider was targeting the airline sector, with the US’ Hawaiian Airlines and Canada’s WestJet both affected by comparable cyberattacks in recent weeks.
Silicon UK reported in May that authorities believed Scattered Spider could be behind attacks on retailers in the UK including the Co-op and Marks & Spencer.
Scattered Spider’s attacks date back to disruptive incidents that affected Las Vegas casinos in 2023 and companies in the financial sector in 2024.
The group follows what has become a common business model for hackers to steal sensitive data as well as encrypting a company’s systems, then attempting to extort ransom payments to unlock the systems and to refrain from releasing the data.
