South Korea’s Personal Information Protection Commission (PIPC) has imposed hefty penalties on major luxury brands due to significant data breaches. This move follows a recent cyberattack that compromised sensitive data on a large scale.
Details of the Fines Imposed
The PIPC announced fines totaling 36 billion Korean won, equivalent to $25 million, against the luxury brands Louis Vuitton, Dior, and Tiffany. These brands are all part of the LVMH conglomerate, based in Paris.
Among the fines, Louis Vuitton was hit hardest with a penalty of approximately $15 million. This was due to cybersecurity oversights that led to malware infections on employee devices, ultimately affecting the data of about 3.6 million individuals.
Specific Incidents Leading to Penalties
Dior faced a fine exceeding $8.4 million after falling victim to a voice phishing attack. This security lapse resulted in the exposure of personal information belonging to 1.95 million people.
Tiffany was ordered to pay $1.6 million for a similar incident where voice phishing compromised the details of approximately 4,600 individuals.
Background and Broader Campaign
The data breaches are reportedly linked to an intrusion on a SaaS platform, though the specific platform remains unnamed. The incident is part of a broader campaign that targeted Salesforce customers, affecting numerous high-profile organizations last year.
The Scattered LAPSUS$ Hunters, an extortionist group, managed to acquire millions of records by exploiting social engineering tactics rather than exploiting weaknesses in Salesforce’s systems.
Implications and Industry Reactions
The incident underscores the critical need for robust cybersecurity measures within the luxury sector. The targeted brands and many others are reassessing their security protocols to prevent future breaches.
LVMH has been reached for comments on the situation, and updates will follow as new information becomes available.
For more related information, see details on similar incidents affecting other companies.
