CDC A.I CyberSecurity Scoring
CDC
Company Information
Website:https://www.dior.com/carrieres/index.html
Employees number:15,708
Number of followers:1,935,179
NAICS:4483
Industry Type:Retail Luxury Goods and Jewelry
Homepage:dior.com
CDC Risk Score (AI oriented)
Between 0 and 549
CDCRetail Luxury Goods and Jewelry
Updated:
04/07/2026
04/07/2026
492/1000
Critical
C
CDC Global Score (TPRM)
xxxx
CDCRetail Luxury Goods and Jewelry
Score locked

CDCCritical
Current Score
492C (CRITICAL)
01000
8 incidents
-58 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
492
JUNE 2026
493
MAY 2026
478
APRIL 2026
471
MARCH 2026
498
Breach
12 Mar 2026 • CDC
Christian Dior Inc.: Christian Dior Data Breach Class Action Settlement
Christian Dior Data Breach Settlement
462
CRITICAL-36
CHR1773773151
Christian Dior Data Breach Settlement Offers Compensation to Affected U.S. Consumers
Christian Dior Inc. has reached a class action settlement following a January 2025 data breach that exposed sensitive customer information, including names, contact details, addresses, dates of birth, and in some cases, government IDs or Social Security numbers. The breach prompted a lawsuit alleging inadequate cybersecurity protections, though Dior denies any wrongdoing, opting to settle to avoid prolonged litigation.
Who Is Eligible?
The settlement covers U.S. individuals who received a breach notification from Christian Dior by mail or email. Two tiers of claimants exist:
- Tier 1: Those whose Social Security numbers were compromised.
- Tier 2: All other notified individuals whose SSNs were not exposed.
Compensation Details
Eligible class members may receive:
- Cash payments: Up to $1,500 for documented out-of-pocket losses (e.g., fraud-related expenses, credit monitoring fees, ID replacement costs) incurred between July 18, 2025, and March 11, 2026.
- Flat $100 payment: Tier 1 members can claim this without documentation.
- Credit monitoring: Two years of CyEx Financial Shield Complete, including $1 million in fraud insurance and identity theft monitoring.
Claim Process & Deadlines
Claims must be submitted by May 25, 2026, via an online form (using a unique ID/PIN from the notice) or a mailed PDF. Documented losses require receipts or bank statements, while flat payments and credit monitoring do not. Payouts will be distributed after final court approval, expected post-June 22, 2026, via PayPal, Venmo, Zelle, virtual prepaid cards, or check.
Settlement Fund Allocation
The fund covers administrative costs, up to $400,000 in attorneys’ fees, $5,000 in service awards for class representatives, and credit monitoring expenses, with remaining funds allocated to eligible claimants.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
607
Breach
11 Feb 2026 • CDC
Tiffany Korea, Louis Vuitton Korea and Christian Dior Couture Korea: Korean units of Louis Vuitton, Dior, Tiffany fined $24.9 mil. over customer data leaks
South Korea Fines Luxury Brands for Major Data Breaches
503
CRITICAL-104
TIFLVMCHR1770865579
South Korea Fines Luxury Brands $24.9M for Major Data Breaches
South Korea’s Personal Information Protection Commission (PIPC) has imposed a combined 36 billion won ($24.9 million) in fines on the Korean subsidiaries of Louis Vuitton, Dior, and Tiffany for failing to protect customer data from cyberattacks.
Louis Vuitton Korea received the largest penalty 21.4 billion won after hackers breached its systems on three occasions, exposing the personal data of 3.6 million customers, including names, phone numbers, and birth dates. The PIPC cited poor security practices for remote logins, which allowed an external actor to compromise an employee device.
Christian Dior Couture Korea was fined 12.2 billion won following a breach affecting 1.95 million users, where employees were tricked into granting system access to malicious actors. The company remained unaware of the incident for three months. Meanwhile, Tiffany Korea faced a 2.4 billion won fine after a breach exposed the data of 4,600 customers, including names and email addresses.
In a separate case, the PIPC penalized BKR (Burger King Korea) 924 million won for illegally collecting personal data from minors under 13 without guardian consent. MGC Global (Mega MGC Coffee) was fined 642 million won for sending unsolicited marketing messages to customers who had not opted in. Additionally, eight other food and beverage companies were fined for violating data protection laws.
The penalties highlight growing regulatory scrutiny over corporate data security and compliance with South Korea’s privacy laws.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
688
DECEMBER 2025
736
NOVEMBER 2025
735
OCTOBER 2025
733
SEPTEMBER 2025
708
Breach
01 Sep 2025 • CDC
Dior (Shanghai) Co., Ltd.
Dior Shanghai Administrative Penalty for Unlawful Cross-Border Transfer of Personal Information
674
HIGH-34
CHR1592715093025
In September 2025, Dior (Shanghai) was publicly sanctioned in China for unlawfully transferring personal information (PI) of Chinese users to its headquarters in France without complying with regulatory requirements. The violations included: - Failing to complete a cross-border data transfer security assessment, enter a standard contract, or obtain PI protection certification. - Not informing users adequately about overseas processing methods or obtaining their ‘separate consent’ before sharing data. - Lacking technical safeguards (e.g., encryption, de-identification) for collected PI. The breach was exposed after users received warning messages, triggering an investigation by China’s public security authority. While the penalty details were undisclosed, the case marked China’s first administrative penalty for illegal cross-border PI transfers, signaling stricter enforcement of the Personal Information Protection Law (PIPL). The incident underscored systemic compliance gaps in Dior’s data localization and security practices, risking reputational damage, regulatory scrutiny, and potential civil claims.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
708
MAY 2025
754
Ransomware
16 May 2025 • CDC
Dior and Marks & Spencer: Dior likely hit by ransomware attack
Dior Hit by Suspected Ransomware Attack, Customer Data Exposed
695
CRITICAL-59
CHRMAR1769504421
Dior Hit by Suspected Ransomware Attack, Customer Data Exposed
French luxury fashion house Dior has fallen victim to a suspected ransomware attack, with hackers gaining unauthorized access to internal servers and compromising sensitive customer data. The breach, still under investigation, appears to involve file-encrypting malware, though Dior has not confirmed whether a ransom demand was made.
The exposed data includes names, gender details, phone numbers, email and postal addresses, purchase history, and fashion preferences categorized by gender and age. While no financial information such as payment details or employee records was leaked, the stolen data poses risks for targeted phishing attacks, where cybercriminals could use personal details to craft convincing fraudulent messages.
Dior has responded by implementing security measures to contain the breach and prevent further spread of the malware. The company’s IT teams are conducting a full investigation and have committed to providing updates as new details emerge. Customers have been advised to monitor their accounts for suspicious activity, as the stolen data may be exploited in phishing schemes over the next 6 to 12 months.
The incident follows a recent wave of cyberattacks on major retail brands, including Marks & Spencer, Co-Op, and Harrods, linked to the "Scattered Spider" gang and the DragonForce ransomware group. While Dior has not attributed the attack to a specific threat actor, the breach underscores the growing focus of cybercriminals on retail data, which can be used for fraud, identity theft, or even targeted marketing by third parties.
As the investigation continues, the full impact of the breach remains unclear, though the exposure of personal details particularly shopping preferences raises concerns about long-term privacy risks.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MAY 2025
768
Cyber Attack
07 May 2025 • CDC
Dior
Dior Cyberattack Exposes Customer Data in China and South Korea
757
CRITICAL-11
CHR3163431111725
French luxury fashion brand Dior suffered a cyberattack on May 7, resulting in the exposure of customer data from its Chinese and South Korean operations. While account passwords and payment card details remained unaffected, the breach compromised personal information of customers, including: - China: Full names, gender, phone numbers, email addresses, postal addresses, and purchase histories. - South Korea: Contact details, purchase information, and shared preferences (e.g., product interests). The incident has triggered phishing risks for affected individuals, with Korean legislators criticizing Dior for delayed reporting to authorities. The attack’s scope is still under investigation, but the leaked data—though not financial—poses reputational and privacy risks, particularly given the high-profile nature of the brand and its customer base. Authorities and impacted users have been alerted, though the long-term consequences (e.g., fraud, regulatory penalties) remain unclear.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
797
Breach
26 Jan 2025 • CDC
Christian Dior Couture
Dior Customer Database Breach
764
CRITICAL-33
CHR706072225
Christian Dior Couture, a luxury fashion house owned by Louis Vuitton, experienced a significant cybersecurity incident that exposed sensitive personal information of its customers. The breach, discovered in May 2025, involved unauthorized access to customer databases containing personal data including names, addresses, dates of birth, and in some cases, Social Security numbers. The incident occurred on January 26, 2025, but was not detected until May 7, 2025. The affected database contained extensive personally identifiable information (PII) such as passport numbers, government-issued ID numbers, and Social Security numbers. No financial data was compromised, but the breach raised concerns about identity theft risks. Dior has implemented several remediation measures, including enhanced network security and complimentary credit monitoring services for affected customers.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
792
Breach
01 Jan 2025 • CDC
Japan Airlines, Tiffany, Dior, Volvo Group and Louis Vuitton: South Korea fines Louis Vuitton, Dior and Tiffany $24.9 million over customer data breaches
South Korea Fines Luxury Brands Over Data Breaches
695
CRITICAL-97
LOUPARVOLTIFJAP1770908674
South Korea Fines Luxury Brands $24.9 Million Over Data Breaches
South Korea’s privacy regulator has levied fines totaling 36 billion won ($24.9 million) against the Korean subsidiaries of Louis Vuitton, Dior, and Tiffany following separate data breaches that exposed millions of customers’ personal information. The penalties stem from investigations confirming unauthorized access to sensitive customer data, though specific details on the breaches’ scope and timing remain undisclosed.
The fines highlight growing regulatory scrutiny over data protection in South Korea, where authorities are enforcing stricter compliance with privacy laws. The incident underscores the financial and reputational risks for global brands handling large-scale consumer data.
In related cybersecurity developments, Japan Airlines reported that up to 28,000 customers were affected by unauthorized access to its baggage service system, while Volvo Group disclosed that 16,991 employees were impacted as part of a broader Conduent data breach, which has now exposed 25 million individuals. These incidents reflect the escalating threat landscape for both corporate and personal data security.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2024
836
Breach
01 Nov 2024 • CDC
Dior (Shanghai)
China Enforces New Cybersecurity Incident Reporting Rules with Strict Deadlines
795
CRITICAL-41
CHR2433224091625
Dior’s Shanghai branch was penalized for violating China’s cybersecurity and data protection laws by transferring customer data to its French headquarters without complying with mandatory legal requirements. The breach involved the unauthorized cross-border transfer of personal information, lacking the necessary security screening, customer disclosure, and encryption as mandated by Chinese regulations. The incident highlights systemic failures in data governance, exposing customers to potential privacy risks while undermining compliance with China’s strict data localization and protection frameworks. The case underscores the heightened scrutiny under China’s evolving cybersecurity policies, particularly ahead of the enforcement of the National Cybersecurity Incident Reporting Management Measures (effective November 1, 2024). While the article does not specify the volume of data or direct harm (e.g., financial fraud or identity theft), the unauthorized transfer alone constitutes a serious regulatory violation, aligning with China’s classification of incidents threatening social stability or national data security interests. The fine serves as a warning to multinational corporations operating in China, emphasizing the legal and reputational consequences of non-compliance with data sovereignty laws.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CDC ??
What was CDC's A.I Rankiteo Cyber Score in June 2026 ??
What was CDC's A.I Rankiteo Cyber Score in May 2026 ??
What was CDC's A.I Rankiteo Cyber Score in April 2026 ??
What was CDC's A.I Rankiteo Cyber Score in March 2026 ??
What was CDC's A.I Rankiteo Cyber Score in February 2026 ??
What was CDC's A.I Rankiteo Cyber Score in January 2026 ??
What was CDC's A.I Rankiteo Cyber Score in December 2025 ??
What was CDC's A.I Rankiteo Cyber Score in November 2025 ??
What was CDC's A.I Rankiteo Cyber Score in October 2025 ??
What was CDC's A.I Rankiteo Cyber Score in September 2025 ??
What was CDC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CDC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CDC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CDC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?