Tiffany & Co. has confirmed a data breach affecting customers in South Korea, marking the second such incident involving an LVMH Moët Hennessy Louis Vuitton brand after a similar case at Dior. On May 26, Tiffany Korea notified select customers via email of a cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data.
Both Dior and Tiffany operate under LVMH, the world’s largest luxury goods conglomerate, raising broader concerns over data security within the group.
According to the email sent by Tiffany Korea, the breach occurred on Apr. 8. The company said it verified on May 9 that personal data belonging to individuals in South Korea had been compromised. The exposed information includes names, addresses, phone numbers, email addresses, internal customer ID numbers, and purchase history—data considered particularly sensitive from a consumer standpoint, as was the case in the Dior breach.
Tiffany noted that, as of now, there have been no confirmed cases of misuse or exploitation of the compromised data.
When contacted by Chosunilbo, Tiffany Korea’s customer service center said that only those affected had been individually notified. No public notice regarding the breach appeared on the company’s official website at the time of reporting.
LVMH finalized its acquisition of Tiffany & Co., the American luxury jeweler, in January 2021 in a deal valued at approximately 17 trillion won ($12.4 billion). Tiffany Korea generated 377.9 billion won ($276 million) in domestic sales last year, a 7.6% increase from the previous year, with operating profit reaching 21.5 billion won ($15.7 million)
Dior’s coveted client list of China’s wealthiest and most powerful consumers has been compromised in a major data breach, forcing the French luxury giant to issue an apology as it scrambles to contain potential fallout and limit any damage to its reputation.
The luxury brand under French conglomerate LVMH experienced a customer data breach in China on May 7. According to a text message sent to customers yesterday, the company disclosed that an unauthorized external party had gained access to its database, obtaining sensitive personal information such as customers’ names, gender, phone numbers, email addresses, mailing addresses, purchase amounts, and shopping preferences.
Dior emphasized that the compromised data did not include bank account details, IBANs (International Bank Account Numbers), or credit card information. Nonetheless, the brand urged customers to exercise heightened caution, advising them to beware of phishing messages, unsolicited calls or emails, and to avoid clicking on suspicious links or disclosing personal information.
Luxury department store is forced to shut some systems but website and shops continue to operate.
Harrods has been hit by a cyber-attack, just days after Marks & Spencer and the Co-op were targeted.
The luxury department store is understood to have been forced to shut down some systems, but said its website and all its stores, including the Knightsbridge flagship, H beauty and airport outlets, continued to operate. It is understood the retailer first realised it was being targeted earlier this week.
Harrods said in a statement: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
The retailer said it was not asking customers to take any action, indicating that it did not suspect data had been accessed. It added: “We will continue to provide updates as necessary.”
