[News Space=Reporter seungwon lee] French luxury brand Louis Vuitton has officially acknowledged a customer personal information leak. Following the successive hacking incidents at major luxury brands under LVMH (Louis Vuitton Moet Hennessy), including Dior, Tiffany, and Cartier, earlier this year, a sense of security crisis is growing throughout the industry.

Accident Summary and Leakage Information

Louis Vuitton Korea announced on its website and via text message on July 4 that “on June 8, an unauthorized third party temporarily accessed our system, causing some customers’ names, genders, countries, phone numbers, email addresses, postal addresses, dates of birth, purchase and preference data to be leaked.”

The incident was only recognized on July 2, and the relevant authorities were immediately notified, and the entire system was being inspected, it explained.

It was confirmed that the leaked information did not include financial information such as passwords, credit cards, or bank accounts.

Louis Vuitton said, “We immediately implemented technical measures to block unauthorized access and prevent further damage immediately after the incident occurred.” It also emphasized to customers, “Please be especially careful of unexpected contacts or suspicious communications, and Louis Vuitton will never ask for your password.”

Luxury industry chain hacking… Dior, Tiffany, Cartier also hit one after another

This Louis Vuitton incident clearly shows the seriousness of personal information leaks in the global luxury industry. Dior was aware of the January hacking incident only in May and belatedly notified customers, and Tiffany also notified customers of the April leak in May. Cartier also notified customers of the leak in June.

Domestic luxury online platform 'Must It' also revealed that there was a possibility that some member information was leaked after two hacking attempts in May and June.

Why is luxury brand customer information a target for hackers?

Experts diagnose that personal information of luxury brand users is becoming a major target of hackers.

Lim Jong-in, professor emeritus of Korea University’s Graduate School of Information Security, explained, “Luxury goods user information is traded on the dark web for more than 10 times the price of general consumer information,” and “Since the size of the Korean luxury goods market is large on a global scale, hacking attempts aimed at financial gain are frequent.”

Customers of luxury brands provide detailed information such as their name, contact information, address, email, and purchase history for various reasons such as authentication, repair services, and resale. This makes the information of VIP customers with high purchasing power even more valuable to hackers.

Repeated lag and structural security vulnerabilities

This Louis Vuitton incident also had a time gap of nearly a month between the incident and the announcement. Dior and Tiffany also notified their customers several months after the hacking incident. Criticism is being raised that luxury brands are repeatedly responding slowly, despite the fact that they are required to report within 72 hours under the Personal Information Protection Act.

Security experts point out that luxury brands are structurally underinvesting in security, relying solely on external cloud services without an internal information security manager or dedicated department.

In fact, according to French consulting firm Wavestone, LVMH's annual cybersecurity budget is 0.8% of sales, which is significantly lower than global companies such as JP Morgan Chase (2.1%) and IBM (3.4%).

Personal Information Protection Commission Launches Full-Scale Investigation of LVMH Affiliates

The Personal Information Protection Commission began investigating the personal information leaks at Dior and Tiffany on June 1, and also announced additional measures for LVMH affiliates including Cartier and Louis Vuitton.

In particular, we are intensively investigating the fact that it took a considerable amount of time from the accident occurrence to reporting and notification to individual information subjects, and whether technical and administrative safety measures were implemented. If violations of the law are confirmed, penalties such as fines and surcharges will be imposed.

The challenge left for the luxury industry and consumers

This series of hacking incidents has led to growing calls for a fundamental reexamination of the luxury industry’s security awareness, investment, and crisis response systems. Experts advise that “luxury brands should prioritize customer trust and confidentiality, and a quick and transparent response in the event of an accident is key to restoring consumer trust.”

It is important to keep in mind that the personal information of VIP customers who purchase high-priced products is a sensitive asset that goes beyond simple contact information.

If luxury brands are to avoid repeated criticisms that they are only focused on raising prices and neglecting personal information protection, it is time to significantly expand investment in security systems and specialized personnel.