The Personal Information Protection Commission of South Korea has imposed significant fines against luxury brands including Louis Vuitton and Dior for serious breaches of personal data security. Notably, Louis Vuitton Korea has been fined approximately 21.3 billion won due to a security incident involving malware that compromised employee devices. This event resulted in the theft of account information associated with their software services, leading to the leakage of personal data for around 3.6 million individuals over a span of three incidents in June 2022. The commission highlighted that the breach occurred partly because Louis Vuitton failed to implement secure authentication methods for external access.

In addition to Louis Vuitton, Christian Dior Couture received fines totaling around 12.2 billion won for a similar breach, where an employee was deceived by voice phishing, resulting in the exposure of personal data for around 1.95 million individuals. The commission noted that Dior had not adequately monitored access logs regarding personal data, failing to detect the breach for over three months. Tiffany & Co. experienced a comparable issue, with about 4,600 personal records leaked also due to voice phishing attacks.

The commission emphasized that Software as a Service (SaaS) platforms used for customer management must adhere to stringent personal data protection standards, considering the potential vulnerabilities these services can present if not managed carefully. They urged companies to implement robust measures to limit access rights to what is strictly necessary for job functions to safeguard personal information effectively. This incident highlights the critical need for luxury brands to prioritize data security alongside operational convenience in a digital age.