Dior tells customers their data was swiped in cyber snafu • The Register

Fashion house Dior has begun dropping data breach notices after cybercrooks with a taste for high-end targets made off with customer data.

LVMH-owned Dior, the French purveyor of overpriced frocks and fragrances, confirmed in a breach notification letter filed with California’s attorney general that US customer data had been accessed during a recent cyberattack.

Dior first detected something was amiss on May 7, according to the letter, and a subsequent investigation traced the intrusion back to January 26, when an unidentified miscreant “was able to gain access to a Dior database that contained information about Dior clients.”

In a letter sent to those affected, Dior confirms that the trove included names, addresses, contact details, dates of birth, and, in some cases, a passport or government ID number. A lucky few also had their Social Security Numbers thrown into the mix.

Payment details, such as bank account and payment card information, were not stored in the ill-fated database, Dior said.

Dior hasn’t confirmed how many individuals had their data swiped and didn’t respond to The Register’s questions. However, in separate filings with the Texas and Washington attorneys general this week, spied by The Register, it’s revealed that 9,716 and 10,878 individuals had data pilfered during the incident, respectively, suggesting the global tally could be significantly higher.

Whether UK-based Dior customers were caught up in the breach remains unclear. We’ve asked the Information Commissioner’s Office if it’s had any word from the fashion house.

The company claims the incident was contained and that there’s “no evidence” of further unauthorized access after the January break-in, though how exactly the attacker gained entry remains unclear. Dior says it has beefed up security and notified law enforcement, and it’s advising its affluent customers to keep an eye on their inboxes and report any suspicious activity.

The attack is believed to be the work of ShinyHunters, a prolific data-slurping crew previously linked to digital burglaries at a range of tech firms and fashion brands. The same group is also suspected in a recent attack on Louis Vuitton, which, like Dior, is part of luxury mega-conglomerate LVMH.

According to Bleeping Computer, Louis Vuitton stated that customer data had been accessed in the UK, South Korea, Turkey, Italy, and Sweden, in what appears to be a coordinated assault on the wardrobes of the world’s well-heeled. ®
