South Korea Fines Luxury Brands $24.9M for Major Data Breaches South Korea’s Personal Information Protection Commission (PIPC) has imposed a combined 36 billion won ($24.9 million) in fines on the Korean subsidiaries of Louis Vuitton, Dior, and Tiffany for failing to protect customer data from cyberattacks. Louis Vuitton Korea received the largest penalty 21.4 billion won after hackers breached its systems on three occasions, exposing the personal data of 3.6 million customers, including names, phone numbers, and birth dates. The PIPC cited poor security practices for remote logins, which allowed an external actor to compromise an employee device. Christian Dior Couture Korea was fined 12.2 billion won following a breach affecting 1.95 million users, where employees were tricked into granting system access to malicious actors. The company remained unaware of the incident for three months. Meanwhile, Tiffany Korea faced a 2.4 billion won fine after a breach exposed the data of 4,600 customers, including names and email addresses. In a separate case, the PIPC penalized BKR (Burger King Korea) 924 million won for illegally collecting personal data from minors under 13 without guardian consent. MGC Global (Mega MGC Coffee) was fined 642 million won for sending unsolicited marketing messages to customers who had not opted in. Additionally, eight other food and beverage companies were fined for violating data protection laws. The penalties highlight growing regulatory scrutiny over corporate data security and compliance with South Korea’s privacy laws.

In July 2025, luxury fashion brand Louis Vuitton confirmed a data breach affecting thousands of its customers. The incident exposed highly sensitive personal information, including names, contact details, and purchase histories. While the exact scale of the breach remains undisclosed, the leaked data—particularly transaction records and customer profiles—poses severe risks. Criminals could exploit this information for targeted phishing attacks, identity theft, or financial fraud, especially given the brand’s high-net-worth clientele. The breach underscores vulnerabilities in third-party data-sharing practices, as retailers often store and share customer data with minimal oversight. Though no ransomware was involved, the exposure of personal and financial details linked to luxury purchases heightens the potential for reputation damage, fraudulent activity, and long-term trust erosion. The breach aligns with broader trends in 2025, where stolen account data—including 6.8 million records earlier in the year—fueled underground markets for identity exploitation.

South Korea Fines Luxury Brands $24.9 Million Over Data Breaches South Korea’s privacy regulator has levied fines totaling 36 billion won ($24.9 million) against the Korean subsidiaries of Louis Vuitton, Dior, and Tiffany following separate data breaches that exposed millions of customers’ personal information. The penalties stem from investigations confirming unauthorized access to sensitive customer data, though specific details on the breaches’ scope and timing remain undisclosed. The fines highlight growing regulatory scrutiny over data protection in South Korea, where authorities are enforcing stricter compliance with privacy laws. The incident underscores the financial and reputational risks for global brands handling large-scale consumer data. In related cybersecurity developments, Japan Airlines reported that up to 28,000 customers were affected by unauthorized access to its baggage service system, while Volvo Group disclosed that 16,991 employees were impacted as part of a broader Conduent data breach, which has now exposed 25 million individuals. These incidents reflect the escalating threat landscape for both corporate and personal data security.