- Dior is starting to send letters of notification of violation after attack
- He explained what happened and what data was stolen
- The company urges customers to remain on alert for phishing and identity theft
Global Fashion Powerhouse Dior began to send letters of data violation to customers affected by a cyber attack in January 2025.
The described to customers what happened, what type of data was taken and what it did to contain the incident.
He also offered free identity flight and credit services for 24 months, via Experian Identity Works SM Credit Suiving.
Korean and Chinese targets
The incident occurred on January 26, 2025, but was only discovered on May 7. Dior responded by advancing the police and using third -party experts to assess the situation.
Analysts determined that threat stakeholders have accessed a database containing customer information, including complete names, contact details, postal addresses, birth dates, passport identification numbers and government and social security numbers (SSN).
The combination of stolen information varies from person to person, but Dior stressed that payment information, including bank account or payment card information, was not stolen because they were not in the database to start.
In response to the attack, the company “improved network security” without going into other details.
Unfortunately, the damage has already been caused and the attackers now have a lot of information to use in targeted attacks. Information such as names, email addresses, birth dates and government identification information can be used to create personalized and convincing phishing attacks, especially since attackers know that victims are Dior customers.
Dior also knows, which is why in the letter, he also recommends that users “to remain vigilant for fraud and identity theft incidents”.
“We also recommend that you continue to consult your financial accounts, your account statements and your free credit reports for any suspicious activity.”
This seems to have been an international incident because at least Korean and Chinese customers seem to have been affected. In South Korea, Dior could be faced with a trial for not having properly notified the relevant authorities. Currently, no threat player has claimed the responsibility of the attack, and the stolen data have not emerged on the Dark Web.
Via Bleeping Compompute
