Sergey Nivens - stock.adobe.com

News

Luxury retailer LVMH says UK customer data was stolen in cyber attack

French luxury goods retailer LVMH has disclosed multiple cyber attacks in 2025 so far, their impact is now spreading to the UK as a new incident affecting Louis Vuitton comes to light.

Alex Scroxton
By
Published: 14 Jul 2025 15:45

UK customers of luxury goods brand Louis Vuitton have been warned to be on their guard against opportunist fraud attempts after their data was compromised in a cyber attack on the retailer.

In an email sent to customers, Louis Vuitton revealed that its IT systems were accessed on 2 July 2025 by an unauthorised third party, who was able to obtain data including names, contact details and purchasing histories – all data of use to cyber criminals. Louis Vuitton said that bank and credit card details were not affected.

Computer Weekly understands Louis Vuitton is engaged with the UK authorities and has informed the Information Commissioner’s Office (ICO) of the incident.

This is the third incident disclosed by Louis Vuitton’s parent, French luxury goods house LVMH, in recent months.

Earlier in July, Louis Vuitton Korea also revealed it had fallen victim to a cyber intrusion, while two of the organisation’s other high-profile labels, Christian Dior Couture and Tiffany, reported an attack in May.

The organisation also operates other iconic beauty, fashion and luxury goods brands including Bulgari, Givenchy, Fendi, Loewe, Marc Jacobs, Moët & Chandon, Sephora, and TAG Heuer.

A link to other attacks is possible

The nature of LVMH’s business and the timing of the incidents will draw speculation of a link to the Scattered Spider hacking collective that attacked Marks & Spencer (M&S), Co-op Group and Harrods, and is potentially behind an ongoing incident at Australian airline Qantas.

Four people accused of involvement in the M&S cyber attack, including a 17-year-old boy, were arrested and taken into custody in the UK last week.

The Scattered Spider gang makes a habit of selecting one industry vertical at a time to attack, often through specialist third-party suppliers with access to systems in multiple organisations.

Given other incidents occurred at LVMH broadly in line with the M&S attack, a link should not necessarily be ruled out at this stage, and it is likely investigators will be pursuing this angle.

“The pattern of other LVMH regionals being compromised in similar ways might be indicative of a larger problem,” said Thomas Richards, infrastructure security practice director at Black Duck.

“The breach might not be fully contained, or these business units use similar technology and systems that have a vulnerability in it,” he added. “LVMH should conduct an organisation-wide security assessment to determine the root cause and implement recommended changes to prevent further breaches and ensure uncompromised trust in their software.”

High-net-worth individuals

Immersive founder and chief innovation officer James Hadley said the spate of cyber attacks on LVMH properties could prove hugely damaging to the group’s reputation.

“Louis Vuitton’s core customer base includes high-net-worth individuals; therefore, customers would have expected extra precautions to be taken to protect their personal information,” he said.

“The personal information of high-profile individuals is perceived as more valuable by cyber criminals, and with the recent string of retail breaches, attackers may have felt emboldened.”

Read more on this story

  • 22 April 2025: A cyber attack at M&S has caused significant disruption to customers, leaving them unable to make contactless payments or use click-and-collect services.
  • 24 April: M&S is still unable to provide contactless payment or click-and-collect services amid a cyber attack that it says has forced it to move a number of processes offline to safeguard its customers, staff and business.
  • 25 April: M&S shuts down online sales as it works to contain and mitigate a severe cyber attack on its systems.
  • 29 April: An infamous hacking collective may have been behind the ongoing cyber attack on M&S that has crippled systems at the retailer and left its ecommerce operation in disarray.
  • 30 April: A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack.
  • 1 May: Co-op tells staff to stop using their VPNs and be wary that their communications channels may be being monitored, as a cyber attack on the organisation continues to develop.
  • 1 May: Harrods confirms it is the latest UK retailer to experience a cyber attack, shutting off a number of systems in an attempt to lessen the impact.
  • 2 May: The National Cyber Security Centre confirms it is providing assistance to M&S, Co-op and Harrods as concerns grow among UK retailers.
  • 7 May: No end is yet in sight for UK retailers subjected to apparent ransomware attacks.
  • 13 May: M&S is instructing all of its customers to change their account passwords after a significant amount of data was stolen in a DragonForce ransomware attack.
  • 14 May: Google’s threat intel analysts are aware of a number of in-progress cyber attacks against US retailers linked to the same gang that supposedly attacked M&S and Co-op in the UK.
  • 20 May: Cold chain services provider Peter Green Chilled, which supplies the likes of Aldi, Sainsbury’s and Tesco, has been forced to halt operations after succumbing to a ransomware attack.
  • 11 June: So-called Black Swan events expose the blind spots in even the most sophisticated forecasting models, signaling a need to rethink how businesses, and those investing in them, quantify and prepare for cyber risk.
  • 13 June: The recent spate of cyber attacks on UK retailers has to be a wake-up call to build more cyber resilience into digital supply chains and fortify against social engineering attacks.
  • 17 June: Following a series of high-profile attacks on prominent retailers and consumer brands, a group of criminal hackers appears to be expanding their targeting to the insurance sector.
  • 20 June: The UK’s Cyber Monitoring Centre has published its first in-depth assessment of a major incident, reflecting on the impact of and lessons learned from cyber attacks on M&S and Co-op.
  • 27 June: Multiple reports are emerging of cyber attacks on airlines – Google Cloud’s Mandiant believes them to be linked.
  • 2 July: Australian flag carrier Qantas is investigating significant data theft of personal information for up to 6 million customers after a third-party platform used by its call centre was compromised.
  • 2 July: A developing cyber attack at Australian airline Qantas that started at a third-party call centre is already being tentatively attributed to the same gang that hit UK retailers. Find out more and learn about the next steps for those affected.
  • 8 July: The government should extend ransomware reporting mandates to businesses to help gather more intelligence and better support victims, says M&S chairman Archie Norman.
  • 9 July: Australian flag carrier begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised.
  • 10 July: Police have made four arrests in connection with a trio of cyber attacks on UK retailers Marks & Spencer, Co-op and Harrods.

Read more on Data breach incident management and recovery