Pure Beauty

Update: Dior hit by customer data breach in China amid hacking wave

By Lynsey Barber | Published: 14-May-2025

Dior has warned customers to beware of scam communications after the incident, which follows attacks on UK retailers

Dior is the latest high-profile name to be targeted by criminals following Marks & Spencer, Harrods and Co-op.

The luxury fashion house notified customers in China that it has suffered a data breach in a “malicious incident”, Chinese media reports.

Financial information was not accessed during the breach, according to a message sent by Dior to customers who have shared it on social media. 

But personal information such as contact details, purchase history and other information that customers shared with the LVMH-owned brand was compromised, they said.

This could make those affected more vulnerable to scams, and Dior has warned them to be wary of suspicious communications.

LVMH has been contacted for comment.

The breach follows cyber incidents affecting British retailers Marks & Spencer (M&S), Co-op and Harrods.

M&S was hit over Easter and is still unable to process online orders weeks later.

In an update to customers yesterday, penned by operations director Jayne Wall, the high street chain revealed that some personal customer data was taken.

This could include contact details, home address, date of birth and online order history.

Usable card or payment details were not accessed, and neither were account passwords.

The company added that there was no evidence that the stolen data has been shared.

M&S has warned customers to be alert to emails, calls and text messages claiming to be from the retailer.

Millions of pounds have been wiped from M&S’s market value and analysts at Bank of America Global Research estimate a £43m hit to sales from the incident.

The retailer was forced to pause hiring, and gaps were spotted on shelves amid the fallout from the incident.

Meanwhile, Co-op is still suffering from gaps on shelves at its supermarkets after a cyber attack at the end of April in which customer data was accessed.

The situation is not expected to improve until the weekend, it said in an update today, though its stock systems are now fully online, while contactless and chip and pin are now working at all stores.

A spokesperson said: “Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op.

"We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner.”

Meanwhile Harrods restricted access to the internet across its business after experiencing “attempts to gain unauthorised access” to its systems at the start of May.

All Harrods shops remain open for business as usual, and shoppers can still make purchases online.

Harrods said in a statement at the time: “We recently experienced attempts to gain unauthorised access to some of our systems.

“Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.

“Currently, all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers. 

“Customers can also continue to shop via harrods.com.

“We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary.”

It is not clear who is behind the attacks and whether they are connected.

The government’s National Cyber Security Centre (NCSC) is working closely with organisations in the UK that have reported incidents “to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture”.

NCSC CEO Dr Richard Horne said on May 1: “These incidents should act as a wake-up call to all organisations.

“I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

High-net-worth targets

Harrods was likely a target for hackers due to its customer base, said Mona Schroedel, a data protection specialist at national law firm Freeths.

“Luxury businesses will hold a specific interest for hackers, aside from the usual blackmail options such as extorting money to regain access to fully functioning systems,” she said at the time the issue was disclosed.

“Harrods for example has a client base of high-net-worth individuals and is likely to hold a range of personal data about them.

“Obtaining access to such personal data treasure troves could assist hackers in launching more targeted attacks.

"Data collected in the context of beauty treatments and products in particular may include sensitive personal data that individuals may not wish to be publicly known."  

Dior appears to have been a target for similar reasons, said Marijus Briedis, Chief Technology Officer at NordVPN, commenting on the latest breach.

“When a luxury brand like Dior is breached, it’s not just data that’s compromised, it’s trust," he said.

"The exposure of customer profiles, preferences, and contact information may seem non-financial, but in the wrong hands, it becomes a blueprint for exploitation.”

"Knowing what someone buys, where they live, and how they shop is just as dangerous [as financial information].

"For cybercriminals, Dior’s customer data is a goldmine for psychological targeting.”

“Armed with purchase history and detailed personal info, attackers can create phishing emails that look like they came straight from Dior’s marketing department.

"That level of realism makes scams nearly indistinguishable from the real thing.”

“This breach is a stark reminder that luxury doesn’t mean immunity.

"High-end brands are prime targets because their customers are often high-value individuals.

"For attackers, this is about both data and influence."

Growing threat

Experts have warned that retailers are a growing target for hackers, especially over Bank Holiday weekends, when staffing levels are lower and online sales traffic is peaking.

Another Bank Holiday is coming up on May 26 in the UK.

“With Harrods now joining M&S and Co-op on the growing list of victims, this has the hallmarks of a coordinated campaign targeting the UK retail sector,” Shobhit Gautam, Staff Solutions Architect EMEA at cybersecurity firm HackerOne, told Cosmetics Business after the Harrods incident.

“Whether carried out by a single group or not, it’s clear that cybercriminals are looking to hit high-profile brands during a period of heightened commercial activity.”

“It is impossible at this stage to say whether there is an additional agenda behind these attacks, such as targeting national sentiment ahead of VE Day celebrations. 

“But the intent to disrupt Bank Holiday trade is undeniable. Just as with the Easter Bank Holiday M&S attack, threat actors are seizing the moment to cause maximum chaos when businesses are least prepared.”

“It is a deliberate strategy designed to maximise disruption and financial impact while defences are thinly stretched.”

He added that further incidents were likely to emerge.

Spencer Starkey, VP EMEA at cyber security platform SonicWall, told Cosmetics Business: "It is not a matter of if, but when these retail institutions are attacked.

“Ransomware holds victim organisations' business operations hostage, which uniquely impacts retailers and other organisations that provide daily, direct services to their customers.

“Such attacks directly affect the victim’s revenue generation and thus provide additional leverage to the attackers in extracting the ransom.”

He added that robust security measures and regular staff training are crucial.

“Companies should start with the presumption that they will be targeted and have a comprehensive incident response plan in place, including a consumer notification process especially when sensitive data and financial information is corrupted,” he said.

“Regulation or industry standards should be put in place to protect consumers and relevant stakeholders from experiencing material damage and ensuring transparency from company officers.”
