260/68 Friday, July 18, 2025
Luxury fashion brand Louis Vuitton has officially confirmed that the data breach affecting customer information in the United Kingdom, South Korea, and Turkey originated from the same incident. The company suspects a connection to the notorious ransomware group ShinyHunters, which has a track record of attacking major organizations worldwide.
According to the statement, Louis Vuitton began notifying affected customers in stages—starting in South Korea, followed by Turkey, and most recently the UK on July 12, 2025. The company disclosed that despite robust cybersecurity measures, it detected unauthorized access to its systems on July 2, 2025, during which some customer personal data was exfiltrated. Importantly, Louis Vuitton clarified that no payment data was compromised in the accessed databases.
The company has reported the incident to relevant regulatory authorities, including the UK Information Commissioner’s Office (ICO), and is cooperating with external cybersecurity experts to conduct a thorough investigation.
Sources close to the matter told BleepingComputer that the attack is linked to ShinyHunters, who allegedly accessed vendor databases and extracted customer data. The breach also appears to be connected to similar incidents involving other LVMH brands, including Tiffany & Co. and House of Dior, with customer data affected in South Korea. Additionally, the breach shares characteristics with Adidas’ data breach, which impacted users in both Turkey and South Korea around the same period.
ShinyHunters is known for its ongoing malicious activity, having previously targeted high-profile organizations such as Salesforce, PowerSchool, Santander, Ticketmaster, AT&T, Neiman Marcus, and Cylance. The group exploited vulnerabilities in cloud environments like Snowflake. In June, French authorities arrested five core members of BreachForums, including individuals linked to ShinyHunters. However, some members remain at large, and experts warn that the group’s name may continue to be used in future cyber operations.
