Dior begins sending data breach notifications following major cyber incident

  • Dior begins sending out breach notification letters following attack
  • It explained what happened and what data was stolen
  • The company is urging customers to stay on high alert for phishing and ID theft

Global fashion powerhouse Dior has begun sending out data breach notification letters to customers impacted by a January 2025 cyberattack.

The company outlined to customers what happened, what kind of data was taken, and what it did to contain the incident.

It also offered free identity theft and credit monitoring services for 24 months through Experian Identity Works℠ credit monitoring.

Korean and Chinese targets

The incident occurred on January 26, 2025, but was only discovered on May 7. Dior responded by notifying the police and bringing in third-party experts to assess the situation.

The analysts determined the threat actors accessed a database containing customer information, including full names, contact information, postal addresses, dates of birth, passport and government ID numbers, and Social Security numbers (SSN).

The combination of information stolen varies from person to person, but Dior stressed that payment information, including bank account or payment card information, was not stolen since it wasn’t in the database to begin with.

In response to the attack, the company “enhanced network security” without going into further details.

Unfortunately, the damage was already done, and the attackers now have plenty of information to use in targeted attacks. Information such as names, email addresses, dates of birth, and government ID information can be used to create customized, convincing phishing attacks, especially since the attackers know the victims are Dior customers.

Dior knows this too, which is why in the letter it also recommends users “remain vigilant for incidents of fraud and identity theft”.

“We also recommend that you continue to review your financial accounts, account statements, and free credit reports for any suspicious activity.”

This seems to have been an international incident, since at least Korean and Chinese customers seem to have been impacted. In South Korea, Dior could be facing a lawsuit for not properly notifying relevant authorities. Currently, no threat actors have claimed responsibility for the attack, and the stolen data has not emerged on the dark web.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
