Louis Vuitton

Summary

Major high-end fashion brand Louis Vuitton suffered a cyber attack on 2 July 2025 that affected Australian customers along with customers in multiple other countries. An unauthorised third party temporarily accessed the company's systems and obtained customer information including names, contact information, dates of birth, and shopping preferences. Financial information and passwords were not compromised.

What Happened

On 2 July 2025, Louis Vuitton detected unauthorised access to its systems by a third party. The attackers obtained customer data including names, contact information, birthdates, and shopping preferences. The company immediately took technical measures to block the attacker and contain the incident. Australian customers were notified approximately three weeks after the breach was discovered. The threat actor behind the incident remains unknown, though the ShinyHunters hacking group was suggested as a possible perpetrator.

Impact on Individuals

Australian Louis Vuitton customers had their personal shopping information exposed, including names, contact details, dates of birth, and shopping preferences. The exact number of affected Australian customers was not disclosed. The breach affected customers across multiple countries including Australia, Hong Kong, Sweden, Italy, the United Kingdom, South Korea, and Turkey. Louis Vuitton confirmed that no passwords, credit card details, or bank information was compromised in the attack.

Organisational Response

Louis Vuitton promptly took technical measures to block the attacker and contain the incident upon discovery on 2 July 2025. The company notified regulatory authorities in Australia and overseas. Affected Australian customers received email notifications warning them that an unauthorised third party had temporarily accessed the system and obtained their information. The luxury retailer urged customers to remain alert for phishing attempts, scam calls, or suspicious text messages.