Louis Vuitton has confirmed that multiple regional data breaches affecting customers in the UK, South Korea, Turkey, Italy, and Sweden are all tied to the same cybersecurity incident. The announcement comes amid a series of customer notifications issued over the past week, as the company works to contain the breach and investigate its origins.
“Despite all security measures in place, on July 2, 2025, we became aware of a personal data breach resulting from the exfiltration of certain personal data of some of our clients following an unauthorized access to our system,”
—Louis Vuitton, in breach notification letters to customers
The breach was initially disclosed in South Korea, followed by similar notices in Turkey and the United Kingdom. BleepingComputer has also confirmed that additional customers in Italy and Sweden have also been notified.
In its public statement, the luxury retailer emphasized that no payment information was compromised in the incident. The exposed data appears limited to personal customer information. Louis Vuitton stated that its cybersecurity teams responded swiftly after the breach was detected:
“Technical measures were immediately taken to contain the incident after its occurrence, notably by blocking the unauthorized access,”
—Louis Vuitton
The company has begun notifying relevant regulators, including the UK Information Commissioner’s Office (ICO), and is working with cybersecurity experts to investigate the matter further. When asked if the customer notifications sent across different regions were tied to the same breach, Louis Vuitton confirmed that the same security incident underlies all the notices.
While the company has not officially confirmed the involvement of any threat actor, sources said that the ShinyHunters extortion group is believed to be behind the breach. The group allegedly gained access through a third-party vendor’s database, a method consistent with its previous tactics.
This incident follows earlier breaches at Tiffany & Co. in April and House of Dior in May—both part of the LVMH luxury group and both affecting customers in South Korea. When asked if these breaches were connected, a spokesperson for LVMH declined to provide further details.
The attack is also believed to be linked to a breach at Adidas, disclosed in May, which affected customers in South Korea and Turkey—again pointing to a coordinated campaign by ShinyHunters.
The ShinyHunters group is associated with a string of major data theft operations, including recent attacks on Salesforce, PowerSchool, and Snowflake, the latter affecting companies like Santander, Ticketmaster, AT&T, Neiman Marcus, and Cylance.
Last month, French authorities arrested five individuals tied to BreachForum, a well-known cybercrime marketplace, including some ShinyHunters operators. However, experts believe that several group members remain active.
Louis Vuitton did not respond to further inquiries regarding ShinyHunters’ possible involvement. The company continues to monitor the situation and has reiterated its commitment to protecting client data.
