Yes, it was. The luxury brand Dior, founded by French designer Christian Dior, was hacked earlier this year. The luxury powerhouse, which is part of the LVMH (Moët Hennessy Louis Vuitton) group, has begun notifying its customers that in January, hackers stole personal information belonging to Dior customers. The French fashion house confirmed in a statement that bad actors had been lurking in their networks on January 26th, but the brand was not aware of the incident for months. In May 2025, the loophole was discovered and patched. Dior believes that hackers only accessed the information on January 26th, and they never returned for more.
Dior hacked: Key takeaways
- Dior was hacked on January 26th, 2025, and the breach was discovered in May 2025. Customers started receiving Notice of Breach letters in June 2025.
- The stolen information included sensitive details such as Social Security Numbers (SSNs) and government-issued ID numbers.
- The answer to questions about the data breach remains a mystery, despite it having been months since the cyber incident was discovered.
- The luxury brand offers free credit monitoring services and other perks to the affected victims.
What information was included in the data breach?
The stolen data consists of personal details belonging to Dior’s Fashion and Accessories customers. The database breached by the cybercriminals contained full names, addresses, and contact information, including email addresses and phone numbers. It also included government-issued ID numbers, such as passports and driver’s license information. The databases even had extremely sensitive information such as SSNs.
However, in the notice of data breach distributed to affected customers, Dior claims that the leaked SSNs were in a “small number of cases”. The luxury brand generates over $10 billion annually and has a vast number of clients, so a “small number of cases” could still be substantial. On a positive note, there is no confirmation that the hackers have stolen any credit card details or other financial information belonging to the victims. There is also no evidence that the stolen data has been used for malicious purposes yet.
Who is responsible for the attack, and how many people are affected?
Dior has stated that cyber experts continue to investigate and respond to the breach, which likely explains why many aspects of the breach remain unknown. The perpetrators behind the attack have yet to be identified. There is no confirmation on the number of people affected by the cyber incident.
There is not much evidence whether the victims are only from the USA, South Korea, and China, or whether people from other countries are also included. Samples of the stolen database have not yet been seen on the Dark Web. There are no reports on what exactly was wrong with the networks, nor how Dior discovered the accident.
What can you do if you are affected?
Phishing attempts will likely follow after the stolen database falls into the hands of malicious actors. The list is likely very valuable to cybercriminals, as it contains the details of individuals with substantial bank accounts. In its Notice of Data Breach letter to customers, the luxury brand offers complimentary access to identity theft monitoring tools and advises customers to remain vigilant for any suspicious activity. They also advise people to monitor the free credit reports provided by credit bureaus.
No one is immune to cyberattacks, not even the brands that make billions of dollars and are part of the portfolio of one of the wealthiest men on earth, Bernard Arnault. Sometimes, companies are unaware that they have been hacked, or it may take them months, and in some cases, even years, to discover that their networks have been compromised. Having reliable antivirus software and regularly monitoring credit reports is essential.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
