Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack

Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients. 

The breach, discovered in May 2025, involved unauthorized access to customer databases containing personal data including names, addresses, dates of birth, and in some cases, Social Security numbers.

Key Takeaways
1. Dior’s data breach exposed customer IDs and some Social Security numbers.
2. No financial data leaked; 24 months of free credit monitoring offered.
3. Dior improved security and urged customer vigilance.

Dior Customer Database Breached

The cybersecurity incident occurred on January 26, 2025, when an unauthorized third party gained access to Dior’s customer database systems. 

However, the breach wasn’t discovered until May 7, 2025, more than three months after the initial unauthorized access.

According to the company’s official notification, Dior immediately launched a comprehensive investigation supported by leading third-party cybersecurity experts once the incident was identified.

The investigation revealed that the threat actor was able to maintain access to Dior’s systems for an unspecified period, though the company states there is “no evidence of subsequent unauthorized access to Dior systems” beyond January 26. 

This suggests the breach may have been contained to a single infiltration event, though the delay in detection raises questions about the company’s cybersecurity monitoring capabilities.

The affected database contained extensive personally identifiable information (PII) of Dior clients, including first and last names, contact information, physical addresses, dates of birth, and additional sensitive data customers provided during transactions. 

Most concerning, the breach exposed passport numbers, government-issued ID numbers, and, in a “small number of cases,” Social Security numbers data that could facilitate identity theft.

Notably, Dior emphasized that no payment card information, bank account details, or other financial data were stored in the compromised database, potentially limiting the immediate financial risk to affected customers. 

The company has not disclosed the exact number of customers impacted by the breach.

Dior has implemented several remediation measures following the incident discovery. The company engaged third-party cybersecurity experts to verify containment and has notified law enforcement agencies as required by data breach notification laws. 

Additionally, Dior has implemented enhanced network security measures designed to prevent future incidents.

To mitigate potential identity theft risks, Dior is offering affected customers complimentary 24-month memberships to Experian IdentityWorks credit monitoring services. 

This comprehensive protection package includes three-bureau credit monitoring, fraud detection tools, identity restoration services, and up to $1 million in identity theft insurance coverage.

Customers can activate their monitoring services by visiting the Experian IdentityWorks website and using their unique activation codes, which must be redeemed by October 31, 2025. 

For additional support, affected customers can contact Dior’s dedicated breach response line at 1-833-918-5938, providing engagement number B147873 for verification purposes.

Boost detection, reduce alert fatigue, accelerate response; all with an interactive sandbox built for security teams -> Try ANY.RUN Now