Dior has confirmed a data breach affecting Chinese customer data, underscoring rising cybersecurity risks in fashion. As luxury and high street brands alike face growing threats, data protection is becoming a critical priority in the industry’s digital evolution.
The breach, which Dior reportedly discovered on 7 May, involved unauthorised access to a customer database containing non-financial personal data. This included names, gender, phone numbers and other voluntarily shared information. Crucially, no banking or payment information was compromised, according to statements shared by the brand.
Dior issued a statement that read: “We are in the process of informing customers where necessary. The confidentiality and security of our customer data is an absolute priority for the House of Dior. We deeply regret any concern or inconvenience this matter may cause our customers.”
Customers in mainland China were notified of the breach via text message earlier this week, with Dior assuring them that it had moved swiftly to contain the incident. The brand is now working with cybersecurity experts and has reported the issue to relevant regulators as part of its ongoing investigation.
The breach comes at a time when parent company LVMH is navigating a challenging environment in the Chinese luxury market. Last month, the owner of Louis Vuitton, Dior and Loewe to name a few, reported a 3% year-on-year decline in Q1 to €20.3 billion (£17.4 billion), with sales in China (excluding Japan) falling by 11%. The timing of the breach could add further pressure to Dior and other luxury houses heavily reliant on China for growth.
British retailer Marks & Spencer has also disclosed a cyber attack affecting its operations. While the retailer’s physical stores remain open, its online business has been disrupted for over three weeks, reportedly due to a ransomware attack.
In its latest update earlier this week, the retailer urged customers to “stay vigilant” for scams and fraud after it confirmed some personal data had been stolen in a cyber attack. The British department store said on Tuesday that data that could have been accessed includes names, email addresses, postal addresses and dates of birth, but stressed the data does not include payment or card details, or account passwords and is not believed to have been shared online.
Matt Hull, Head of Threat Intelligence at cyber security firm NCC Group, said: “Despite the absence of financial data or passwords, threat actors could potentially use the stolen information to launch targeted social engineering attacks.
“Stay vigilant for phishing messages pretending to be from M&S or other companies you’ve dealt with. These attackers might use the leaked M&S information to craft very convincing scams.”
Following the attack on M&S, Harrods was also targeted by cyber hackers. A spokesperson for Harrods told Sky News: “We recently experienced attempts to gain unauthorised access to some of our systems.
“Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today.
“Currently, all sites, including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers.”