HK privacy watchdog opens probe into Louis Vuitton HK's data breach

The Hong Kong privacy watchdog has launched an investigation into an alleged data breach at Louis Vuitton Hong Kong (LVHK) that affected 419,000 customers.

The Office of the Privacy Commissioner for Personal Data (PCPD) said in a statement to MARKETING-INTERACTIVE that it received a data breach notification from LVHK on 17 July. Its French headquarters detected suspicious activity in its computer system on 13 June and discovered on 2 July that the incident had affected Hong Kong customers, which LVHK was informed of on the same day.

“The PCPD has initiated an investigation into LVHK following established procedures, including whether there was a delay in reporting the incident,” the statement reads. Meanwhile, no related complaints or inquiries have been received thus far. 

The leaked data included customers' names, passport numbers, dates of birth, addresses, email addresses, phone numbers, shopping records, and product preferences. However, the incident did not involve the exposure of credit card, bank, or other financial account details.

On the other hand, LVHK said in a statement that it immediately took steps to investigate and contain the incident with the support of cybersecurity experts after it discovered an unauthorised party had accessed some of the data it held for clients.

LVHK stated that while its investigation is ongoing, it confirmed that no payment information was contained in the accessed database and that it is working to notify the relevant regulators and affected clients. The company also said it continuously updates its security measures to protect against the evolving threat landscape and has taken steps to further strengthen its systems' protection.

Don't miss: Dior apologises over unauthorised China data leak

The PCPD has suggested that potentially affected individuals stay vigilant against the misuse of their personal data. They should monitor their accounts for unusual login activity, review bank statements for unauthorised transactions, and be cautious of unknown calls or messages, avoiding suspicious attachments or links. Additionally, individuals should remain alert to phishing attempts and other fraud.

Additionally, the PCPD has urged companies to quickly report any data breach incidents, as this enables the office to help the relevant companies and affected individuals take appropriate and timely actions to minimize the damage caused by the breach.

“Companies should also notify affected individuals as soon as possible about the data breach,” it added. 

Apart from Hong Kong, Louis Vuitton's operations in the UK and Korea have also experienced similar cyberattacks, according to The Guardian. Recently, the luxury brand revealed that an unauthorised third party had accessed its UK systems, obtaining information including names, contact details, and purchase history. The brand's Korean operations faced a similar incident, assuring customers that no financial information, such as bank details, was compromised.

Related articles:

Dior apologises over unauthorised China data leak
InvestHK opens probe into potential data leak following ransomware attack
HK privacy watchdog uncovers security issues in Oxfam HK data leak