Louis Vuitton鈥檚 UK branch has told its customers that their personal data may have been exposed during a cyberattack earlier this month. The company had discovered the breach on the 2nd of July and has started contacting people whose information might be affected.
Details like names, phone numbers, email and postal addresses, birthdays, gender, shopping history and preferences were breached. As much as bank details weren鈥檛 accessed, the company did say as a warning that phishing scams could follow and advised customers to be careful of emails, texts, or phone calls that feel suspicious.
The Information Commissioner鈥檚 Office has been notified. Under UK law, companies must report personal data breaches within 72 hours once confirmed.
Is This A Bigger Issue?
This is the third time in recent months that a brand owned by Louis Vuitton鈥檚 parent company, LVMH, has dealt with a similar situation. Earlier this year, both Dior and Tiffany faced customer data breaches.
Dior confirmed that someone outside the company accessed personal details from its fashion and accessories division. It said no payment data was involved, and an outside security team was brought in to investigate.
LVMH has also faced similar problems in South Korea. In that case, Louis Vuitton鈥檚 operations there were targeted by hackers who got into customer data.
A lot of other luxury retailers in the UK have also been affected. Marks & Spencer, Co-op, Harrods and Adidas have all been targeted recently. Four people, a 17 year old from the West Midlands and a 20 year old woman from Staffordshire, were arrested. Another 2 suspects, aged 19, were picked up in London and Latvia.
More from News
- World Quantum Day 2026: Experts Reflect On Industry Developments This Year
- 79% Of UK Workers Fear Losing Their Jobs This Year – And Its Not AI Related
- Scail Launches To Help Regulated SaaS Businesses Navigate The AI 鈥淧erfect Storm鈥
- X Is Taking A Slightly Different Approach To Managing Click Bait Content – Will It Work?
- AI Is Meant To Reduce Workloads, Why Is It Still Causing Workers Cognitive Fatigue?
- Apple Wins Q1 As Smartphones Shipments Go Up And Competitor Sales Go Down
- Can Travellers Expect Lower Flight Prices After The Ceasefire?
- Gen Z Consumers Face The Highest Online Fraud Risks – How Are They Staying Protected?
How Did Hackers Get In?
Cybersecurity experts believe that the LV attack might have started with a method called credential stuffing, where stolen usernames and passwords from other websites are reused to access different systems. Some people also believe it could have been a SQL injection, which takes advantage of flaws in website code.
The attackers were likely inside the system for a while before anyone noticed. They may have used advanced tools that made it harder to detect what was going on, slipping past standard firewalls and security software.
Financial data like card numbers or payment info wasn鈥檛 taken because it had better protection. But access to shopping history and contact details can still be used to run scams, especially through fake emails pretending to be from Louis Vuitton or Dior.
What Does This Mean For Customers?
There鈥檚 no sign so far that the stolen data has been misused. But the details exposed could still be used for scams. Criminals might use names and emails to send fake messages that appear to come from the company.
Thomas Richards from Black Duck, a company that advises on security, said criminals sometimes pretend to be customers when calling help centres, hoping to get access to more personal information. This is known as social engineering, and it鈥檚 harder to catch than a simple password hack.
Customers are to look out for messages that ask them to click links or hand over login information. Anything that feels rushed, or threatens a bad outcome, should be treated with care.
