[Google machine translation of notice on government site:]
Public Announcement (Data Breach Notification) – Louis Vuitton Çantacılık Ticaret Anonim Şirketi
As is known, Article 12, paragraph (5) of the Law on the Protection of Personal Data No. 6698, titled “Obligations regarding data security,” stipulates that “If processed personal data is obtained by others through illegal means, the data controller shall notify the person concerned and the Board of this as soon as possible. If necessary, the Board may announce this on its website or by any other method it deems appropriate.”
In the data breach notification submitted to the Board by Louis Vuitton Çantacılık Ticaret Anonim Şirketi, which is the data controller, it is summarized as follows;
The violation started on June 7, 2025 and was detected on July 2, 2025,
It was determined that the breach occurred through unauthorized access to the database containing customer personal data; a service account used by the administrator of a third-party service provider was compromised,
The relevant group of people affected by the breach are customers/potential customers,
The personal data categories affected by the breach are identity and contact data, and investigations are ongoing.142,995 people living in Türkiye were affected by the breach.
information is included.Although the investigation into the matter is ongoing, the Personal Data Protection Board has decided, with its decision dated 10.07.2025 and numbered 2025/1246, to publish the data breach notification on the Institution’s website.
It is respectfully announced to the public.
DataBreaches notes that Louis Vuitton Korea, who appeared to be struck on or about the same day, did not mention a third-party provider, and said that their systems were accessed. But Louis Vuitton Turkey says a third-party vendor was compromised?
Update: The Guardian reports that the UK systems with customer data were also compromised:
The retailer, the leading brand of the French luxury group LVMH, said an unauthorised third party had accessed its UK operation’s systems and obtained information such as names, contact details and purchase history.
The brand, which last week said its Korean operation had suffered a similar cyber-attack, told customers that no financial data such as bank details had been compromised.
“While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorised use of your information may occur,” the email said.
The number of UK customers affected was not disclosed.