- Dior begins sending letters about violation of messages after attack
- It explained what happened and what data was stolen
- The company encourages customers to stay in high attention to phishing and ID -theft
Global Fashion Powerhouse Dior has begun sending data on data violation violation to customers affected by a cyberattack in January 2025.
They outlined the customers what happened, what kind of data was taken and what it did to contain the incident.
It also offered free identity theft and credit monitoring services for 24 months through Experian Identity Works SM Credit Monitoring.
Korean and Chinese targets
The incident took place on January 26, 2025, but was first discovered on May 7th. Dior responded by notifying the police and bringing in third -party experts to assess the situation.
Analysts decided that the threat actors were given access to a database containing customer information, including full names, contact information, postal addresses, birth dates, passports and government -id numbers and social security number (SSN).
The combination of information stolen varies from person to person, but Dior emphasized that payment information, including bank account or payment card information, was not stolen as it was not in the database to begin with.
In response to the attack “improved the company” improved network security “without going into.
Unfortunately, the damage was already done and attackers now have plenty of information to use in targeted attacks. Information such as names, e -mail addresses, birth dates, and government -ID -Information can be used to create custom, compelling phishing -attacks, especially since attackers know that the victims are Dior customers.
Dior also knows this, and that is why the letter also recommends users “remain alert for events with fraud and identity theft”.
“We also recommend that you continue to review your financial accounts, bank statements and free credit reports for any suspicious activity.”
This seems to have been an international incident as at least Korean and Chinese customers appear to have been affected. In South Korea, Dior could face a lawsuit in order not to notify relevant authorities. Currently, no threat actors have taken responsibility for the attack and the stolen data has not appeared on the dark web.
Via Bleeping computer
