The luxury fashion powerhouse Louis Vuitton has disclosed a significant data breach affecting customers in the UK, South Korea, and Turkey, all traced to a singular security incident linked to the ShinyHunters extortion group. The retailer began notifying affected customers last week, initially focusing on South Korea, followed by notifications in Turkey, and extending to the UK shortly after.
A statement from Louis Vuitton outlined the breach, stating, “On July 2, 2025, we became aware of a personal data breach resulting from unauthorized access to our system, which resulted in the exfiltration of certain personal data belonging to some clients.” The company assured users that cybersecurity teams were deployed swiftly to contain the breach, implementing measures to block unauthorized access.
In response to inquiries about the breach’s specifics, Louis Vuitton confirmed to BleepingComputer that no payment information was involved. The company emphasized its commitment to rectifying the situation and is currently working with cybersecurity experts to investigate the incident while also notifying relevant regulatory bodies.
When questioned about the interconnectedness of breach notifications across various regions, Louis Vuitton confirmed that all related alerts pertain to the same security event. This data breach follows similar incidents reported by Tiffany & Co. and the House of Dior, both of which also impacted customers in South Korea, raising concerns about a broader trend among luxury brands.
While speculation persists regarding whether these breaches are part of a coordinated attack, a spokesperson for LVMH, the parent company of Louis Vuitton, declined to provide additional details. However, sources indicate that the incursions are linked to actions by the ShinyHunters group, which reportedly acquired data from a third-party vendor’s database, amplifying the severity of the situation.
This breach is also suspected to be connected to a recent data compromise at Adidas, which similarly affected customers in South Korea and Turkey. The ShinyHunters group has a notorious reputation for executing data theft operations against various high-profile organizations, including Salesforce and AT&T, employing tactics that align with several techniques outlined in the MITRE ATT&CK framework.
Relevant tactics that may have been employed in this incident could include initial access, indicating how attackers infiltrate systems; privilege escalation, which allows them to gain higher levels of access; and exfiltration, where stolen data is removed from the target’s network. These methods highlight the alarming capabilities of modern threat actors and underline the need for robust cybersecurity measures.
In a related development, French authorities recently arrested five individuals linked to the BreachForum cybercrime platform, including members of ShinyHunters, although many remain at large, posing ongoing risks. BleepingComputer has reached out to Louis Vuitton for a definitive comment regarding ShinyHunters’ involvement but has yet to receive a response.
The ongoing situation with Louis Vuitton serves as a critical reminder to businesses in all sectors about the significance of maintaining vigilant cybersecurity practices and the potential repercussions of data breaches. As the landscape evolves, remaining informed and prepared against an array of cyber threats has never been more crucial.
