First it was Dior. Now it’s Tiffany & Co. Seok Nam-jun and Kim Mi-geon report:
Tiffany & Co. has confirmed a data breach affecting customers in South Korea, marking the second such incident involving an LVMH Moët Hennessy Louis Vuitton brand after a similar case at Dior. On May 26, Tiffany Korea notified select customers via email of a cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data.
LVMH describes itself as home to 75 distinguished Maisons rooted in six different sectors. In addition to Louis Vuitton and Moët Hennessy, LVMH’s portfolio includes Christian Dior Couture, Givenchy, Fendi, Celine, Kenzo, Tiffany, Bulgari, Loewe, TAG Heuer, Marc Jacobs, Stella McCartney, Sephora and Loro Piana.
The fact that two of its luxury brands reportedly experienced attacks and an unnamed vendor may be involved raises the question as to whether many more of its luxury brands may also have fallen prey to an attack.
But did the attacker(s) get EU and U.S. customer data or just Korean and Chinese customers? So far, DataBreaches has only seen reporting on affected Korean and Chinese customers.
DataBreaches has sent an email inquiry to LVMH asking how many other LVMH brands have already been attacked by this individual or group, how the attacker(s) sign any ransom notes, and whether LVMH’s own system was hit or if it was a vendor’s platform, as reported by The Chosun. If a vendor, does that vendor manage the customer database for all 75 brands? No reply was immediately forthcoming, but DataBreaches will update this post if a reply is received.