Luxury fashion brand Dior has confirmed a cybersecurity breach affecting customers of its Fashion and Accessories division, with reports suggesting that individuals in South Korea and China were among those impacted.
The incident, discovered on May 7, 2025, involved unauthorized access to customer data by an external party.
In a statement to BleepingComputer, Dior emphasized that no passwords or payment card details were compromised, as financial information is stored in a separate, unaffected database. However, the breach did expose sensitive personal data, including:
- Full name
- Gender
- Phone number
- Email address
- Postal address
- Purchase history
While Dior has not disclosed the total number of affected users, official breach notices have been published on Dior’s Korean website, and Chinese customers have also received notifications.
“We immediately took steps to contain this incident,” a Dior spokesperson stated. “The confidentiality and security of our customers’ data is an absolute priority.”
The company is currently investigating the breach with the help of cybersecurity experts and is working to notify regulators and affected individuals under local laws.
