Louis Vuitton UK Hit by Cyberattack, Third LVMH Breach in 3 Months

Luxury fashion house Louis Vuitton is investigating a data breach that exposed customer information tied to its UK operations. The attack occurred on July 2 2025, and is the third security incident linked to LVMH brands since May.

According to a company email to customers, the breach involved names, contact details and purchase histories. Louis Vuitton clarified that no payment or financial data was compromised. The company has contacted affected customers and alerted the UK Information Commissioner’s Office, as required by data protection laws.

Pattern of Attacks Across LVMH

This incident follows two similar breaches in recent months. Louis Vuitton’s South Korea division and Christian Dior Couture were both reportedly hit by cyberattacks, though specific details about those cases have not been made public.

The latest incident raises questions about the cybersecurity infrastructure of LVMH, the world’s largest luxury conglomerate. While no group has publicly claimed responsibility, the coordinated timing has drawn attention from industry analysts and cybersecurity professionals.

What Was Accessed

Louis Vuitton confirmed the attackers accessed:

No passwords, credit card details or login credentials were affected, according to the company.

Advice to Customers

Affected customers are being warned to watch for phishing attempts. Emails or messages referencing recent purchases or exclusive offers could be used to trick individuals into revealing further personal data.

Security experts recommend:

• Avoiding links in unsolicited messages
• Monitoring accounts for suspicious activity
• Enabling multi-factor authentication where possible

Response from Louis Vuitton

The company said it is working with external cybersecurity firms to investigate the breach and secure its systems. A full forensic review is ongoing. Louis Vuitton has not yet disclosed how the attackers gained access or how many customers were affected.

A spokesperson added that the group has taken “technical and organisational measures” to strengthen its defences, though no specifics were given.

Industry Concerns Growing

The incident adds to a growing list of high-profile attacks on global brands in 2025. Fashion, retail and hospitality sectors have become frequent targets, often due to their rich customer databases and sometimes lagging security practices.

LVMH, which owns more than 70 brands including Louis Vuitton, Dior and Fendi, handles millions of customer transactions each year. Any sustained weakness in its security strategy could become a bigger concern if these incidents continue.

For now, Louis Vuitton is trying to contain the damage. But with three confirmed breaches in 90 days, attention is shifting to whether the company is treating these incidents as isolated events or signs of a bigger cybersecurity problem.

Bad Year for UK Retailers

UK retailers have had a difficult year on the cybersecurity front. Major names like Marks & Spencer, Co-op Group and Harrods were all hit by data breaches earlier in 2025, with reports linking the attacks to the hacking group known as Scattered Spider.

Just last week, the UK’s National Crime Agency (NCA) arrested a woman and three young men in connection with those same incidents. If those arrested are indeed members of Scattered Spider, it could mean law enforcement has begun dismantling part of the group’s UK operations.

But that leaves a question hanging over the latest breach at Louis Vuitton. The attack on its UK systems took place on July 2, days before the arrests were made. If those detained last week were responsible for the earlier retail breaches, were they also involved in the Louis Vuitton incident? Or does this point to another group still active?

It’s too early to say. Only ongoing investigations will clarify whether this is all connected or whether Louis Vuitton’s breach was carried out by a different set of attackers altogether.