House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.
A spokesperson for the firm told BleepingComputer that the incident impacts Dior Fashion and Accessories customers. Currently, cybersecurity experts are investigating the incident to determine its scope.
“The House of Dior recently discovered that an unauthorized external party accessed some of the data we hold for our Dior Fashion and Accessories customers,” stated the spokesperson.
“We immediately took steps to contain this incident. The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident.”
Dior clarified to BleepingComputer that the incident did not expose account passwords or payment card information, as these were stored in a different database that remained unaffected.
“No passwords or payment information, including bank account or payment card information, were in the database affected in the incident.”
“We are working to notify relevant regulators and customers in line with applicable law.”
“The confidentiality and security of our customers’ data is an absolute priority for the House of Dior. We sincerely regret any concern or inconvenience this matter may cause our customers.”
Korea and China confirmed impacted
Although Dior did not specify the number of customers and the regions impacted, there is a notification confirming its South Korean website being affected. There also some reports about Chinese customers receiving data breach notifications from the fashion house.
According to screenshots of the notices shared online, the incident was discovered on May 7, involving unauthorized personnel access, and exposed the following information:
- Full name
- Gender
- Phone number
- Email address
- Postal address
- Purchase history
Source: marketing-interactive.com
The notice posted on Dior’s Korean shop also sets the breach date to May 7, 2025, suggesting a common cybersecurity incident that had an international impact.
However, in that case, only contact information, purchase data, and preferences customers shared with the brand are flagged as potentially exposed.
Source: dior.com/ko_kr/fashion
Meanwhile, Korean media report that Dior faces legal scrutiny for failing to notify all the applicable authorities in the country about the data breach.
Dior recommends that customers remain vigilant for phishing attempts that request their personal information, and contact them immediately to report cases of brand impersonation.
At the moment, details about the number of customers and the countries affected have not been disclosed publicly.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.