Our Terms & Conditions | Our Privacy Policy
A sign outside a Tiffany & Co boutique in Avenue Montaigne. [TASS/YONHAP]
Korea’s Personal Information Protection Commission (PIPC) said Sunday it has launched an investigation into data breaches at luxury brands Dior and Tiffany, both subsidiaries of global fashion conglomerate LVMH.
The two brands are under scrutiny for their delayed responses after failing to promptly detect or report the incidents.
According to the commission, Dior discovered a data breach that occurred on Jan. 26 only on May 7 — more than 100 days later. It reported the breach to the commission three days later, on May 10. Under the Act on the Promotion of Information and Communications Network Utilization and Information Protection, companies are required to report such incidents to the Korea Internet & Security Agency or the Ministry of Science and ICT within 24 hours of discovery.
Dior did not inform customers until May 13 — six days after it became aware of the breach — through its website and email notifications. The company said names, phone numbers, email addresses and mailing addresses had been compromised.
Tiffany Korea also failed to detect a breach in a timely manner. A breach that occurred in April was not identified until May 9, and it was not reported until May 22 — 13 days later. The company notified only select customers by email and did not post a notice on its website.
The PIPC said the investigation will focus on identifying the exact scope of the breach, verifying compliance with technical and administrative safeguards and reviewing whether the companies violated Korea’s personal information protection laws.
![A signage of Dior is pictured in a store in Paris, France, April 3, 2025. [REUTERS/YONHAP]](https://pune.media/wp-content/uploads/2025/06/25d616b2-b70e-45ee-90e2-393c9c20c210.jpg)
A signage of Dior is pictured in a store in Paris, France, April 3, 2025. [REUTERS/YONHAP]
The delay in both reporting the breach and notifying customers will be a key point of inquiry.
“If any violations are confirmed, appropriate measures will be taken in accordance with the law,” the commission said.
Preliminary findings indicate that the breaches were carried out using staff account credentials for customer management services. Both brands use software-as-a-service (SaaS)-based customer management platforms, which will also be investigated.
“Companies using SaaS-based systems should apply two-factor authentication to employee accounts and implement IP address restrictions to prevent unauthorized access,” the commission said.
LVMH owns over 80 brands. Last year, Dior and Tiffany Korea posted domestic sales of 945.3 billion won ($691 million) and 377.9 billion won, respectively.
Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff.
BY HAN EUN-HWA [[email protected]]
Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.
Aggregated From –
Comments are closed.