Data Breach: Dior Informs Clients About Unauthorized Data Access in Cyber Incident
In a significant cybersecurity incident, luxury fashion house Dior has confirmed a data breach, affecting specific numbers of individuals in certain U.S. states and other regions. The breach, which was first detected by Dior on May 7 and traced back to January 26, 2025, saw unauthorized access to a database containing personal information of Dior customers across various locations, including the U.S.
The compromised data includes names, addresses, contact details, dates of birth, passport/government ID numbers, and, in some cases, Social Security numbers. Crucially, no payment information such as credit card or bank details was accessed.
According to official filings, approximately 9,716 individuals in Texas and 10,878 individuals in Washington had their data compromised during the incident. However, the exact number of affected individuals specifically in California or the UK, as well as the total number of affected individuals globally, has not been publicly confirmed by Dior.
The Information Commissioner’s Office (ICO) in the UK has acknowledged receiving a report from Dior and is currently assessing the situation, but has not revealed figures. Similarly, Dior has not responded to questions regarding the incident.
The ICO was also asked if it has had any word from Dior regarding the breach, but no further information has been disclosed.
The attack on Dior is believed to be the work of ShinyHunters, a prolific data-slurping crew known for digital burglaries at various tech firms and fashion brands. Intriguingly, the attack on Louis Vuitton, another LVMH-owned fashion house, is also suspected to be the work of ShinyHunters.
Following the breach, Dior has beefed up security and notified law enforcement. The fashion house is advising its affluent customers to keep an eye on their inboxes and report any suspicious activity.
**Summary Table:**
| Location | Number of Affected Individuals | |--------------|-------------------------------| | Texas | 9,716 | | Washington | 10,878 | | California | Not disclosed publicly | | UK | Not disclosed publicly | | US (total) | Not disclosed publicly |
As the investigation continues, it remains unclear to what extent UK-based Dior customers were affected. The global tally could be significantly higher, with the precise figures for Texas and Washington providing a glimpse into the potential scale of the breach.
Following publication of this article, the ICO has made a statement on the Dior incident, promising to take appropriate action to protect the data of UK citizens. Dior continues to work closely with authorities to mitigate the impact of this cyberattack.
- The security measures at Dior have been strengthened following the data breach, and they are urging their customers, particularly those in the UK, to remain vigilant for any suspicious activity in their inboxes.
- The attack on Dior, which compromised personal data of thousands of individuals in Texas and Washington, is believed to be the work of the cybercrime group, ShinyHunters, also suspected of attacking Louis Vuitton.
- As the investigation into the Dior data breach unfolds, there is a growing concern about the potential number of affected individuals globally, with only the figures for Texas and Washington publicly disclosed so far, suggesting the breach could be far more extensive.
