Moncler Korea

In December 2021, Moncler Korea suffered a cyberattack where hackers compromised an administrator account and installed malware on the company’s servers, leading to a large-scale data breach. The incident exposed the purchase-related personal details of approximately 230,000 South Korean customers, though sensitive data such as names, dates of birth, emails, and card numbers were reportedly not leaked. The breach went undetected for a month before Moncler Korea identified it, and the company further delayed notifying both affected customers and the Personal Information Protection Commission (PIPC). As a result, South Korea’s regulatory authority imposed an 88 million won ($63,200) fine on the company for failing to secure customer data and for the delayed response. The attack highlights vulnerabilities in administrative access controls and incident response protocols, emphasizing the risks of malware-based intrusions and the importance of timely breach disclosure under data protection laws.

Source: https://dig.watch/updates/moncler-korea-fined-over-customer-data-breach

TPRM report: https://www.rankiteo.com/company/otb-

"id": "otb1932219091225",
"linkid": "otb-",
"type": "Cyber Attack",
"date": "12/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '230,000',
                        'industry': 'Luxury Fashion/Retail',
                        'location': 'South Korea',
                        'name': 'Moncler Korea',
                        'type': 'Subsidiary'}],
 'attack_vector': 'Compromised Administrator Account, Malware Installation',
 'customer_advisories': 'Delayed notification',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '230,000',
                 'personally_identifiable_information': 'No (names, dates of '
                                                        'birth, emails, card '
                                                        'numbers not included)',
                 'sensitivity_of_data': 'Moderate (no highly sensitive PII '
                                        'exposed)',
                 'type_of_data_compromised': 'Purchase-related data'},
 'date_detected': '2022-01',
 'date_publicly_disclosed': '2025-09-12',
 'description': 'South Korea’s Personal Information Protection Commission '
                'fined Moncler Korea 88 million won ($63,200) over a '
                'large-scale customer data breach. A cyberattack in December '
                '2021 exposed the personal details of about 230,000 customers. '
                'Hackers gained access by compromising an administrator '
                'account and installing malware on the company’s servers. The '
                'stolen information included purchase-related data, but not '
                'names, dates of birth, emails, or card numbers. Moncler Korea '
                'became aware of the breach a month later and delayed '
                'reporting it to customers and the regulator.',
 'impact': {'brand_reputation_impact': 'Potential negative impact due to '
                                       'delayed disclosure',
            'data_compromised': 'Purchase-related data (excluding names, dates '
                                'of birth, emails, card numbers)',
            'financial_loss': '88 million KRW ($63,200 fine)',
            'identity_theft_risk': 'Low (no PII like names, dates of birth, or '
                                   'card numbers exposed)',
            'legal_liabilities': 'Fine imposed by Personal Information '
                                 'Protection Commission',
            'payment_information_risk': 'None (card numbers not part of the '
                                        'leak)'},
 'initial_access_broker': {'entry_point': 'Compromised administrator account'},
 'investigation_status': 'Completed (fine imposed)',
 'post_incident_analysis': {'root_causes': 'Compromised administrator '
                                           'credentials, delayed breach '
                                           'detection and reporting'},
 'references': [{'date_accessed': '2025-09-12',
                 'source': 'Diplo (via article snippet)'}],
 'regulatory_compliance': {'fines_imposed': '88 million KRW ($63,200)',
                           'regulations_violated': 'South Korea Personal '
                                                   'Information Protection Act '
                                                   '(PIPA)',
                           'regulatory_notifications': 'Delayed notification '
                                                       'to Personal '
                                                       'Information Protection '
                                                       'Commission'},
 'response': {'communication_strategy': 'Delayed disclosure to customers and '
                                        'regulator'},
 'title': 'Moncler Korea Customer Data Breach (2021)',
 'type': 'Data Breach'}