- Dior confirmed losing sensitive customer data
- Passwords and payment data was not taken
- No groups claimed responsibility yet
Global fashion powerhouse Dior confirmed suffering a cyberattack in which sensitive customer information was lost. Payment data, bank account, or credit card information, was not taken.
In a statement shared with BleepingComputer, Dior said it is currently investigating the incident and that it brought in third-party cybersecurity experts to assist:
“The House of Dior recently discovered that an unauthorized external party accessed some of the data we hold for our Dior Fashion and Accessories customers,” the spokesperson told the publication. “We immediately took steps to contain this incident. The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident.”
Names and addresses
While Dior confirmed that passwords and payment information were not accessed, it did not say how many people were affected, or what kind of information was taken. BleepingComputer claims to have found screenshots of data breach notification emails being sent to Chinese customers, which share a little more insight.
Apparently, the attack was spotted on May 7, with the miscreants walking away with people’s full names, gender information, phone numbers, email addresses, postal addresses, and purchase history.
This is more than enough data to create personalized, convincing phishing emails and get Dior customers to share their passwords, or make unwanted purchases.
This also seems to have been an international incident, since at least Korean and Chinese customers seem to have been impacted. In South Korea, Dior could be facing a lawsuit for not properly notifying relevant authorities.
Currently, no threat actors have claimed responsibility for the attack, and the stolen data has not emerged on the dark web.
Dior is a French multinational luxury goods company headquartered in Paris. The company designs and sells high-end fashion, and operates globally, and has a significant presence in Europe, Asia, and North America. In 2023, the company reported revenue of $96.60 billion.
Via BleepingComputer
