French luxury brand House of Dior has been hit with a data breach in Asia-Pacific, with the Chinese and Korean markets confirmed so far.
In China, customers reportedly received a text message from Dior informing about the data breach.
In South Korea, the company released a statement on its website, saying it has discovered an unauthorised third party access of its Dior Fashion & Accessories customers’ data on May 7.
“The Dior team continues to investigate and respond to this incident together with cybersecurity experts,” it said.
As per internal initial investigation, data stolen included customers’ contact information, purchase data, and preference data shared with Dior.
The company stressed that no financial information, such as bank details, international bank account numbers (IBANs), and credit card information, were stolen.
“We have reported this incident to the Personal Information Protection Commission and are contacting customers affected by this incident,” the statement further read.
“The confidentiality and security of customer data is a top priority for the House of Dior. We deeply apologize for any inconvenience or concern this may have caused our customers,” the company said.
According to a security expert, Singaporean consumers should also be on high alert following the data breach on Dior.
“Singapore’s retail sector has been heavily targeted, facing an average of 907 cyberattacks per organisation each week over the past six months. With the increased attack surface, breached data is often weaponised to launch follow-on scams. These range from fake delivery notices to phishing sites that mimic legitimate e-commerce platforms, all designed to harvest user credentials or spread malware,” said Abhishek Kumar Singh, Head of Security Engineering, Singapore, Check Point Software Technologies.
According to Singh, luxury brands like Dior, which cater to affluent buyers, are particularly attractive to fraudsters. Cybercriminals may circulate fake promotions, limited-time sales, or loyalty campaigns via social media, email, WhatsApp, or Telegram to trick users into engaging with malicious content.
“To reduce risk, consumers should avoid clicking links in unsolicited messages and always access websites by typing official URLs directly. Suspicious messages should be verified through customer support or official social media channels. Enable 2FA (e.g., SingPass), monitor CSA advisories, and report scam messages to Singapore’s ScamShield platform (www.scamshield.org.sg). Vigilance and cyber hygiene remain critical in this elevated threat landscape,” he advised.
