Dior Hacked: Luxury Fashion House’s Clients Now Targets of Phishing and Identity Theft
While some await the next collection, others are spreading malicious code through spoofed domains.
While some await the next collection, others are spreading malicious code through spoofed domains.
Luxury fashion house Dior has experienced a data breach involving customer personal information from its fashion and accessories online stores. Company representatives confirmed that unauthorized access was made to a portion of data stored in the Dior Fashion and Accessories database. Although the investigation is still ongoing, it has already been established that users in South Korea and China were affected by the attack.
According to Dior, the unauthorized access occurred on May 7, 2025. Shortly after detecting the breach, the company initiated containment measures and brought in external cybersecurity experts to assess the impact and address the incident. Dior emphasized that payment information and customer passwords were stored in a separate database that was not affected.
In notices sent to Chinese and South Korean customers, Dior stated that the following data may have been exposed:
- Full name
- Gender
- Phone number
- Email address
- Physical address
- Purchase history
- Shopping preferences
An official announcement also appeared on Dior’s South Korean website, confirming the incident and urging customers to stay cautious against possible phishing attacks.
Chinese users have likewise begun receiving official breach notifications, indicating the international scale of the incident. However, the exact number of affected users and countries has not yet been disclosed. Dior noted that it is notifying customers and regulators in accordance with local laws.
South Korean media reported that Dior may face legal consequences for failing to notify the country’s regulators in a timely manner. According to Korean law, companies that discover a personal data leak must promptly inform the relevant authorities. In Dior’s case, not all required institutions were reportedly notified.
The brand emphasized that customer data security and privacy remain a top priority. Dior expressed regret for any inconvenience or concern caused by the incident and urged customers to stay alert and report any impersonations of the brand or suspicious requests for personal information.
Meanwhile, cybersecurity experts continue their investigation to determine the source of the breach and prevent similar incidents in the future.
