Louis Vuitton’s UK division has disclosed a data breach that may have exposed sensitive personal information of its customers, joining a growing list of major UK retailers impacted by cyberattacks in recent months.
The incident came to light after screenshots of the breach notification email began circulating on social media platform X. The company confirmed that it discovered the breach on July 2 and has since started alerting affected individuals.
According to the notice, a wide range of personally identifiable information (PII) may have been compromised. This includes names, gender, country of residence, phone numbers, email and postal addresses, date of birth, purchase history, and preference data.
“Given the nature of the data involved, we warmly recommend that you remain vigilant against any unsolicited communication or other suspicious correspondence, including emails, phone calls or text messages,” Louis Vuitton stated in its alert to customers.
The company added that there’s no evidence yet of misuse, but warned recipients about possible phishing or fraud attempts.
The breach has been reported to the UK’s Information Commissioner’s Office (ICO), which oversees data protection compliance.
This disclosure follows another security incident affecting Louis Vuitton’s South Korean operations just last week. Additionally, two other brands under the LVMH group—Christian Dior Couture and Tiffany—have also experienced data breaches this year, both of which remain under government investigation since May.
Louis Vuitton’s breach is part of a wider trend of retail sector cyber incidents in the UK. M&S, Co-op, Harrods, and Adidas have all been targeted in the past year. Notably, four individuals were arrested recently in connection with the M&S, Harrods, and Co-op hacks. Arrests included a 17-year-old British male and a 19-year-old Latvian in the West Midlands, a 20-year-old woman in Staffordshire, and another 19-year-old man in London.
Commenting on the incident, Thomas Richards, infrastructure security practice director at Black Duck, said that even in the absence of financial data theft, the risks are real:
“They could attempt to pose as customers and get more information from Louis Vuitton’s customer support team,” Richards explained. “Malicious emails could be sent to the victims pretending to be LV in an attempt to gain login or financial information.”
He warned that victims should be cautious of sudden messages urging immediate action, especially those claiming to be from Louis Vuitton.
“The pattern of other LVMH regionals being compromised in similar ways might be indicative of a larger problem,” Richards noted. “The breach might not be fully contained, or these business units use similar technology and systems that have a vulnerability in it.”
He added that LVMH should perform a group-wide security assessment to identify any systemic vulnerabilities and prevent further breaches.
