Skip to content
Data breachContained

Leak at Dior

On 13 May 2025, luxury fashion house Christian Dior Couture (LVMH) began notifying customers — first in Asia — that an intrusion discovered on 7 May exposed names, contact details, purchase histories and marketing preferences; no bank or payment-card data was affected.

Victim
Dior

On 13 May 2025, Dior — the Christian Dior Couture luxury fashion house, part of the LVMH group — began notifying customers that an unauthorized third party had accessed some of their personal data. The alerts first reached clients in Asia, notably China and South Korea, before the breach was disclosed more widely.

Dior discovered the intrusion on 7 May 2025. According to subsequent reporting the underlying compromise dated back to 26 January 2025, leaving the attacker undetected for more than three months. The access was attributed in press coverage to the ShinyHunters extortion group, which reached the customer data through a compromised database rather than Dior's payment systems.

Exposed data categories included:

  • Full names
  • Email and postal addresses
  • Telephone numbers
  • Purchase history and marketing preferences

Dior stressed that no banking or financial data — payment-card numbers, IBANs or similar — was held in the affected database. The company said it had contained the incident, engaged external cybersecurity specialists and notified the relevant authorities; affected customers in some regions were later offered complimentary credit-monitoring and identity-theft protection. The breach drew regulatory scrutiny, including in China and South Korea, given the volume of personal data involved.

Sources

  1. lemonde.frhttps://www.lemonde.fr/pixels/article/2025/05/13/dior-victime-d-un-vol-de-donnees-personnelles-de-clients_6605835_4408996.html
  2. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/dior-begins-sending-data-breach-notifications-to-us-customers/
  3. fr.fashionnetwork.comhttps://fr.fashionnetwork.com/news/Dior-victime-d-une-cyberattaque-sur-certaines-donnees-de-clients-non-financieres-,1730234.html

Related incidents

Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik