Louis Vuitton’s UK branch has told its customers that their personal data may have been exposed during a cyberattack earlier this month. The company had discovered the breach on the 2nd of July and has started contacting people whose information might be affected.
Details like names, phone numbers, email and postal addresses, birthdays, gender, shopping history and preferences were breached. As much as bank details weren’t accessed, the company did say as a warning that phishing scams could follow and advised customers to be careful of emails, texts, or phone calls that feel suspicious.
The Information Commissioner’s Office has been notified. Under UK law, companies must report personal data breaches within 72 hours once confirmed.
Is This A Bigger Issue?
This is the third time in recent months that a brand owned by Louis Vuitton’s parent company, LVMH, has dealt with a similar situation. Earlier this year, both Dior and Tiffany faced customer data breaches.
Dior confirmed that someone outside the company accessed personal details from its fashion and accessories division. It said no payment data was involved, and an outside security team was brought in to investigate.
LVMH has also faced similar problems in South Korea. In that case, Louis Vuitton’s operations there were targeted by hackers who got into customer data.
A lot of other luxury retailers in the UK have also been affected. Marks & Spencer, Co-op, Harrods and Adidas have all been targeted recently. Four people, a 17 year old from the West Midlands and a 20 year old woman from Staffordshire, were arrested. Another 2 suspects, aged 19, were picked up in London and Latvia.
More from News
- How Much Electricity Will AI Need By 2030?
- Small Business Owners Say They’re Worse Off Than During Covid, Here’s Why
- Reddit Will Now Have Age Verification Checks For Users In The UK
- Expert Advice On How To Stay Ahead Of Job Market Amid Layoffs
- How Meta Is Helping The UK Government With Public Services
- Recent Studies Show The Mental Health Risks Of AI Therapy Choices
- How Did A Fake AI-Generated Band Fool Thousands Of Listeners?
- What Influences Bitcoin Prices And Fluctuations?
How Did Hackers Get In?
Cybersecurity experts believe that the LV attack might have started with a method called credential stuffing, where stolen usernames and passwords from other websites are reused to access different systems. Some people also believe it could have been a SQL injection, which takes advantage of flaws in website code.
The attackers were likely inside the system for a while before anyone noticed. They may have used advanced tools that made it harder to detect what was going on, slipping past standard firewalls and security software.
Financial data like card numbers or payment info wasn’t taken because it had better protection. But access to shopping history and contact details can still be used to run scams, especially through fake emails pretending to be from Louis Vuitton or Dior.
What Does This Mean For Customers?
There’s no sign so far that the stolen data has been misused. But the details exposed could still be used for scams. Criminals might use names and emails to send fake messages that appear to come from the company.
Thomas Richards from Black Duck, a company that advises on security, said criminals sometimes pretend to be customers when calling help centres, hoping to get access to more personal information. This is known as social engineering, and it’s harder to catch than a simple password hack.
Customers are to look out for messages that ask them to click links or hand over login information. Anything that feels rushed, or threatens a bad outcome, should be treated with care.
