Louis Vuitton has revealed that customer data was stolen during an unauthorised breach of the fashion giant’s UK operation’s systems.
The retailer – which is part of French luxury group LVMH – is the latest firm in the sector to be targeted by cyber hackers following similar attacks at M&S, the Co-operative Group and Harrods.
Louis Vuitton said hackers had accessed information such as names, contact details and purchase history in the attack on its UK arm, which took place on July 2. Its Korean division was also subject to a similar attack, though no financial data – such as bank details – has been compromised.
“While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorised use of your information may occur,” the retailer said in an email to its customers.
This is the third breach of LVMH’s systems in as many months, with another of its fashion labels, Christian Dior Couture, also subject to an attack in May.
LVMH said it has notified relevant authorities, including the UK regulator the Information Commissioner’s Office, about the attacks.
The attack could be hugely damaging to LVMH’s reputation, according to James Hadley, founder and chief innovation officer at Immersive.
Hadley, a former analyst and security consultant at GCHQ, noted that because the luxury brand’s core clientele includes high-net-worth individuals, there is likely a heightened expectation for enhanced measures to safeguard their information
“The personal information of high-profile individuals is perceived as more valuable by cybercriminals, and with the recent string of retail breaches, attackers may have felt emboldened,” he explained.
“This is why it’s essential for organisations to continuously stress-test their defences. Developing a robust cyber resilience strategy—one that involves the entire organisation—is critical. Anything less leaves the business vulnerable.
While Louis Vuitton has stated there’s no evidence the stolen data has been misused, that offers no long-term guarantee. Cybercriminals often sit on stolen information for months before selling it on the dark web or using it in phishing attacks. Customers should be cautious of any messages claiming to be from Louis Vuitton, especially if they come through unfamiliar or unofficial channels.”
The news comes less than a week after UK investigators announced they had arrested four individuals in connection with the attacks on Marks and Spencer and other retailers in May.
Three teenage males and a 20-year-old woman were arrested in connection with the cyberattacks, which disrupted the retailer’s online systems until earlier this month.
