Fixxx
Moder
- Joined
- 20.08.24
- Messages
- 749
- Reaction score
- 2,616
- Points
- 93
Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. Since last week, the retailer has been notifying customers that their info was exposed in a data breach, first in South Korea, then in Turkey, and on Friday in the United Kingdom.
Louis Vuitton confirmed that no payment information was compromised from the database accessed during the incident. The company further stated that it is working with cybersecurity experts to investigate the incident and has begun notifying relevant regulators. When asked if the breach notifications in the different regions are linked to the same security incident, BleepingComputer was told that their statement applies to all notifications sent to clients. This incident follows similar breaches disclosed by Tiffany & Co. in April and House of Dior in May, affecting customers in South Korea. The LVMH breaches are linked to an attack by the ShinyHunters extortion group, which gained access and stole data from a third-party vendor's database. This same attack is also believed to be tied to a data breach at Adidas disclosed in May that also impacted customers from South Korea and Turkey. ShinyHunters is a prolific threat actor tied to numerous data theft campaigns, including those against Salesforce and PowerSchool, as well as the SnowFlake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance. Last month, French police arrested five operators of the BreachForum cybercrime forum, which included ShinyHunters members, who had helped re-launch the hacking forum. However, it is believed that other members of the group are still at large, so other attacks may appear under that alias in the future.
"Despite all security measures in place, on July 2, 2025, we became aware of a personal data breach resulting from the exfiltration of certain personal data of some of our clients following an unauthorized access to our system," reads Louis Vuitton's data breach notifications sent to customers. "We would like to assure you that our cybersecurity teams have taken care of the incident with the utmost diligence and attention. Technical measures were immediately taken to contain the incident after its occurence, notably by blocking the unauthorized access. "Louis Vuitton teams are mobilized to cooperate with the competent authorities which have been notified, including the Information Commissioner's Office (the ICO)."
*Louis Vuitton data breach notification to UK customers.
Louis Vuitton confirmed that no payment information was compromised from the database accessed during the incident. The company further stated that it is working with cybersecurity experts to investigate the incident and has begun notifying relevant regulators. When asked if the breach notifications in the different regions are linked to the same security incident, BleepingComputer was told that their statement applies to all notifications sent to clients. This incident follows similar breaches disclosed by Tiffany & Co. in April and House of Dior in May, affecting customers in South Korea. The LVMH breaches are linked to an attack by the ShinyHunters extortion group, which gained access and stole data from a third-party vendor's database. This same attack is also believed to be tied to a data breach at Adidas disclosed in May that also impacted customers from South Korea and Turkey. ShinyHunters is a prolific threat actor tied to numerous data theft campaigns, including those against Salesforce and PowerSchool, as well as the SnowFlake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance. Last month, French police arrested five operators of the BreachForum cybercrime forum, which included ShinyHunters members, who had helped re-launch the hacking forum. However, it is believed that other members of the group are still at large, so other attacks may appear under that alias in the future.