South Korea | BleepingComputer
LVMH Brands Fined $25M in South Korea for Data Breaches
Monday, February 16, 2026
What
Luxury brands Louis Vuitton, Dior, and Tiffany suffered multiple data breaches due to inadequate security, leading to significant fines from South Korea's PIPC. This highlights the critical importance of robust access controls and timely incident response even when utilizing third-party SaaS solutions.
Where
Louis Vuitton, Christian Dior Couture, and Tiffany (LVMH group) in South Korea. Affected systems were cloud-based customer management services.
When
Breaches occurred in 2025; Dior's discovery was delayed over three months, and notifications were delayed.
Key Factors
- Breaches stemmed from employee compromise via malware or phishing, granting attackers access to cloud-based customer management SaaS platforms.
- Key security failures included lack of IP-based access restrictions, absence of secure authentication for external access, and no bulk data download controls.
- Delayed breach discovery and failure to meet regulatory notification timelines (72 hours under PIPA) significantly contributed to the imposed penalties.
Takeaways
- Organizations must implement multi-factor authentication, IP access restrictions, and robust employee security training for all cloud-based services, especially those handling sensitive customer data.
- Establish and regularly test an incident response plan that includes clear procedures for timely breach detection, containment, and regulatory notification to avoid additional penalties.
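
The three control gaps listed under Key Factors (no IP restriction, no secure authentication for external access, no bulk download control) can be expressed as checks over SaaS audit events. This is an added example, not taken from the article or the PIPC decision; the event fields, the allowlisted range, and the export limit are assumptions, and the log entries are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (hypothetical, not from the article).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # corporate egress range (documentation prefix)
BULK_LIMIT = 1000  # max customer records one account may export per day

# Constructed audit events in a hypothetical SaaS export format.
EVENTS = [
    {"ts": "2025-01-10T09:00:00", "user": "clerk1", "ip": "203.0.113.7", "mfa": True, "action": "login", "records": 0},
    {"ts": "2025-01-10T09:05:00", "user": "clerk1", "ip": "203.0.113.7", "mfa": True, "action": "export", "records": 40},
    {"ts": "2025-01-10T23:10:00", "user": "clerk2", "ip": "198.51.100.9", "mfa": False, "action": "login", "records": 0},
    {"ts": "2025-01-10T23:12:00", "user": "clerk2", "ip": "198.51.100.9", "mfa": False, "action": "export", "records": 600},
    {"ts": "2025-01-10T23:20:00", "user": "clerk2", "ip": "198.51.100.9", "mfa": False, "action": "export", "records": 700},
]

def is_allowed_ip(ip):
    """True when the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def audit(events):
    """Return (ts, user, finding) tuples for each control gap an event exposes."""
    findings = []
    exported = defaultdict(int)  # (user, date) -> records exported so far that day
    for e in events:
        if not is_allowed_ip(e["ip"]):
            findings.append((e["ts"], e["user"], "access from non-allowlisted IP"))
            if not e["mfa"]:
                findings.append((e["ts"], e["user"], "external session without MFA"))
        if e["action"] == "export":
            key = (e["user"], e["ts"][:10])
            before = exported[key]
            exported[key] += e["records"]
            # Fire once, on the event that pushes the daily total over the limit.
            if before <= BULK_LIMIT < exported[key]:
                findings.append((e["ts"], e["user"], "daily export limit exceeded"))
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(*finding, sep="  ")
```

The export check is cumulative per account and day, so a download split into several requests that each stay under the limit is still flagged.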