Tiffany Korea, Louis Vuitton Korea and Christian Dior Couture Korea: Korean units of Louis Vuitton, Dior, Tiffany fined $24.9 mil. over customer data leaks

South Korea Fines Luxury Brands $24.9M for Major Data Breaches

South Korea’s Personal Information Protection Commission (PIPC) has imposed a combined 36 billion won ($24.9 million) in fines on the Korean subsidiaries of Louis Vuitton, Dior, and Tiffany for failing to protect customer data from cyberattacks.

Louis Vuitton Korea received the largest penalty 21.4 billion won after hackers breached its systems on three occasions, exposing the personal data of 3.6 million customers, including names, phone numbers, and birth dates. The PIPC cited poor security practices for remote logins, which allowed an external actor to compromise an employee device.

Christian Dior Couture Korea was fined 12.2 billion won following a breach affecting 1.95 million users, where employees were tricked into granting system access to malicious actors. The company remained unaware of the incident for three months. Meanwhile, Tiffany Korea faced a 2.4 billion won fine after a breach exposed the data of 4,600 customers, including names and email addresses.

In a separate case, the PIPC penalized BKR (Burger King Korea) 924 million won for illegally collecting personal data from minors under 13 without guardian consent. MGC Global (Mega MGC Coffee) was fined 642 million won for sending unsolicited marketing messages to customers who had not opted in. Additionally, eight other food and beverage companies were fined for violating data protection laws.

The penalties highlight growing regulatory scrutiny over corporate data security and compliance with South Korea’s privacy laws.

Source: https://www.koreatimes.co.kr/business/companies/20260212/korean-units-of-louis-vuitton-dior-tiffany-fined-249-mil-over-customer-data-leaks

Tiffany Korea TPRM report: https://www.rankiteo.com/company/tiffany-and-co

Louis Vuitton Korea TPRM report: https://www.rankiteo.com/company/lvmh

Christian Dior Couture Korea TPRM report: https://www.rankiteo.com/company/christian-dior-couture

"id": "tiflvmchr1770865579",
"linkid": "tiffany-and-co, lvmh, christian-dior-couture",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '3.6 million',
                        'industry': 'Luxury Retail',
                        'location': 'South Korea',
                        'name': 'Louis Vuitton Korea',
                        'type': 'Subsidiary'},
                       {'customers_affected': '1.95 million',
                        'industry': 'Luxury Retail',
                        'location': 'South Korea',
                        'name': 'Christian Dior Couture Korea',
                        'type': 'Subsidiary'},
                       {'customers_affected': '4,600',
                        'industry': 'Luxury Retail',
                        'location': 'South Korea',
                        'name': 'Tiffany Korea',
                        'type': 'Subsidiary'}],
 'attack_vector': ['Phishing', 'Compromised Employee Device'],
 'data_breach': {'number_of_records_exposed': ['3.6 million',
                                               '1.95 million',
                                               '4,600'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Personally Identifiable Information '
                                        '(PII)',
                 'type_of_data_compromised': ['Names',
                                              'Phone Numbers',
                                              'Birth Dates',
                                              'Email Addresses']},
 'description': 'South Korea’s Personal Information Protection Commission '
                '(PIPC) imposed fines totaling 36 billion won ($24.9 million) '
                'on the Korean subsidiaries of Louis Vuitton, Dior, and '
                'Tiffany for failing to protect customer data from '
                'cyberattacks. Louis Vuitton Korea was fined 21.4 billion won '
                'after hackers breached its systems three times, exposing 3.6 '
                "million customers' data. Dior Korea was fined 12.2 billion "
                'won for a breach affecting 1.95 million users, and Tiffany '
                "Korea was fined 2.4 billion won for exposing 4,600 customers' "
                'data.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'financial_loss': '36 billion won ($24.9 million) in fines',
            'identity_theft_risk': True,
            'legal_liabilities': True},
 'investigation_status': 'Completed',
 'post_incident_analysis': {'root_causes': ['Poor security practices for '
                                            'remote logins',
                                            'Phishing attacks']},
 'references': [{'source': 'Personal Information Protection Commission '
                           '(PIPC)'}],
 'regulatory_compliance': {'fines_imposed': '36 billion won ($24.9 million)',
                           'regulations_violated': 'South Korea’s Personal '
                                                   'Information Protection '
                                                   'Act'},
 'threat_actor': 'External Actor',
 'title': 'South Korea Fines Luxury Brands for Major Data Breaches',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Poor security practices for remote logins'}