Louis Vuitton says regional data breaches tied to same cyberattack

Update 7/17/25: Updated story with links to breach notifications for Italy and Sweden as well.

Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group.

Since last week, the retailer has been notifying customers that their info was exposed in a data breach, first in South Korea, then in Turkey, and on Friday in the United Kingdom. After publishing, BleepingComputer learned that notifications also went to customers in Italy and Sweden.

"Despite all security measures in place, on July 2, 2025, we became aware of a personal data breach resulting from the exfiltration of certain personal data of some of our clients following an unauthorized access to our system," reads Louis Vuitton's data breach notifications sent to customers.

"We would like to assure you that our cybersecurity teams have taken care of the incident with the utmost diligence and attention. Technical measures were immediately taken to contain the incident after its occurence, notably by blocking the unauthorized access.

"Louis Vuitton teams are mobilized to cooperate with the competent authorities which have been notified, including the Information Commissioner's Office (the ICO)."

In a statement to BleepingComputer, Louis Vuitton confirmed that no payment information was compromised from the database accessed during the incident.

The company further stated that it is working with cybersecurity experts to investigate the incident and has begun notifying relevant regulators.

When asked if the breach notifications in the different regions are linked to the same security incident, BleepingComputer was told that their statement applies to all notifications sent to clients.

This incident follows similar breaches disclosed by Tiffany & Co. in April and House of Dior in May, affecting customers in South Korea.

When BleepingComputer asked if the Louis Vuitton and Dior breaches were part of the same cyberattack, a LVMH spokesperson said there was no additional information they could share at this time.

However, sources have told BleepingComputer that the LVMH breaches are linked to an attack by the ShinyHunters extortion group, which gained access and stole data from a third-party vendor's database.

This same attack is also believed to be tied to a data breach at Adidas disclosed in May that also impacted customers from South Korea and Turkey.

ShinyHunters is a prolific threat actor tied to numerous data theft campaigns, including those against Salesforce and PowerSchool, as well as the SnowFlake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance.

Last month, French police arrested five operators of the BreachForum cybercrime forum, which included ShinyHunters members, who had helped re-launch the hacking forum.

However, it is believed that other members of the group are still at large, so other attacks may appear under that alias in the future.

BleepingComputer contacted Louis Vuitton to ask if ShinyHunters was behind its breach but did not receive a response at this time.