{
	"id": "a6be7559-96a4-4686-b76f-2756dffb140e",
	"created_at": "2026-04-06T00:16:42.384155Z",
	"updated_at": "2026-04-10T13:11:59.561842Z",
	"deleted_at": null,
	"sha1_hash": "201260b785c890422774cf9920d355b9fbb638b8",
	"title": "Louis Vuitton says regional data breaches tied to same cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3035467,
	"plain_text": "Louis Vuitton says regional data breaches tied to same cyberattack\r\nBy Lawrence Abrams\r\nPublished: 2025-07-16 · Archived: 2026-04-05 21:05:26 UTC\r\nUpdate 7/17/25: Updated story with links to breach notifications for Italy and Sweden as well.\r\nLuxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem\r\nfrom the same security incident, which is believed to be linked to the ShinyHunters extortion group.\r\nSince last week, the retailer has been notifying customers that their info was exposed in a data breach, first in South Korea,\r\nthen in Turkey, and on Friday in the United Kingdom. After publishing, BleepingComputer learned that notifications also\r\nwent to customers in Italy and Sweden.\r\nhttps://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Despite all security measures in place, on July 2, 2025, we became aware of a personal data breach resulting from the\r\nexfiltration of certain personal data of some of our clients following an unauthorized access to our system,\" reads Louis\r\nVuitton's data breach notifications sent to customers.\r\n\"We would like to assure you that our cybersecurity teams have taken care of the incident with the utmost diligence and\r\nattention. Technical measures were immediately taken to contain the incident after its occurence, notably by blocking the\r\nunauthorized access.\r\n\"Louis Vuitton teams are mobilized to cooperate with the competent authorities which have been notified, including the\r\nInformation Commissioner's Office (the ICO).\"\r\nLouis Vuitton data breach notification to UK customers\r\nSource: Teytey2022 (Reddit)\r\nIn a statement to BleepingComputer, Louis Vuitton confirmed that no payment information was compromised from the\r\ndatabase accessed during the incident.\r\nThe company further stated that it is working with cybersecurity experts to investigate the incident and has begun notifying\r\nrelevant regulators.\r\nWhen asked if the breach notifications in the different regions are linked to the same security incident, BleepingComputer\r\nwas told that their statement applies to all notifications sent to clients.\r\nThis incident follows similar breaches disclosed by Tiffany \u0026 Co. in April and House of Dior in May, affecting customers in\r\nSouth Korea.\r\nhttps://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/\r\nPage 3 of 4\n\nWhen BleepingComputer asked if the Louis Vuitton and Dior breaches were part of the same cyberattack, a LVMH\r\nspokesperson said there was no additional information they could share at this time.\r\nHowever, sources have told BleepingComputer that the LVMH breaches are linked to an attack by the ShinyHunters\r\nextortion group, which gained access and stole data from a third-party vendor's database.\r\nThis same attack is also believed to be tied to a data breach at Adidas disclosed in May that also impacted customers from\r\nSouth Korea and Turkey.\r\nShinyHunters is a prolific threat actor tied to numerous data theft campaigns, including those against Salesforce and\r\nPowerSchool, as well as the SnowFlake attacks, which impacted Santander, Ticketmaster, AT\u0026T, Advance Auto Parts,\r\nNeiman Marcus, and Cylance.\r\nLast month, French police arrested five operators of the BreachForum cybercrime forum, which included ShinyHunters\r\nmembers, who had helped re-launch the hacking forum.\r\nHowever, it is believed that other members of the group are still at large, so other attacks may appear under that alias in the\r\nfuture.\r\nBleepingComputer contacted Louis Vuitton to ask if ShinyHunters was behind its breach but did not receive a response at\r\nthis time.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/\r\nhttps://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/"
	],
	"report_names": [
		"louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434602,
	"ts_updated_at": 1775826719,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/201260b785c890422774cf9920d355b9fbb638b8.pdf",
		"text": "https://archive.orkl.eu/201260b785c890422774cf9920d355b9fbb638b8.txt",
		"img": "https://archive.orkl.eu/201260b785c890422774cf9920d355b9fbb638b8.jpg"
	}
}