Dior recently disclosed a data breach that impacted its Chinese customer base, according to a text message sent to customers that began circulating online on Monday.
According to the text message, the LVMH Moët Hennessy Louis Vuitton-owned brand discovered that on May 7, an unauthorized external individual had stolen certain customer data.
Compromised personal information of Dior shoppers included name, gender, mobile phone number, email address, mailing address, spending level, shopping preferences and other information that the shopper might have included voluntarily. However, customers’ financial information, including bank account or payment card information, was not affected, noted the text message.
“As a best practice and out of an abundance of caution, we recommend that you remain vigilant toward any suspicious communications, including text messages, calls and emails,” the text message continued. “Please do not open or click on links from unknown sources, and do not share sensitive information such as verification codes or passwords.”
Dior confirmed the data breach was targeted at its fashion and accessories customers and that the brand immediately took steps to contain the incident.
“The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident,” wrote a Dior spokesperson in an email.
“We are working to notify relevant regulators and customers in line with applicable law. The confidentiality and security of our customers’ data is an absolute priority for the House of Dior. We sincerely regret any concern or inconvenience this matter may cause our customers,” the spokesperson continued.
According to local media reports, the compromised customer data can fetch up to 500 renminbi, or $69.40, per headcount on the dark web. Based on posts on Xiaohongshu, China‘s social commerce platform, some shoppers have already received spam calls from plastic surgery clinics.
The breach may have also extended to neighboring South Korea. According to local media reports, Dior notified the South Korean Personal Information Protection Commission about the breach.
Marijus Briedis, a security expert and chief technology officer at NordVPN, said that brands like Dior have become prime targets in recent years due to their affluent customer base.
“For attackers, this is about both data and influence,” Briedis said.
“It’s a mistake to assume that only financial information matters in a breach. In reality, knowing what someone buys, where they live and how they shop is just as dangerous. For cyber criminals, Dior’s customer data is a gold mine for psychological targeting,” he added.
Most recently, Dior’s Instagram account was hacked in February. Hackers posted a story promoting a fake cryptocurrency called “Dior Official Coin,” which included an external link for token access. While many followers recognized the scam early on, some were deceived and suffered financial loss.