South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data.
South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered LAPSUS$ Hunters, led to major customer data breaches.
The extortion campaign by the Scattered LAPSUS$ Hunters targeted Salesforce customers and hit dozens of companies. The group gained access to corporate Salesforce accounts using social engineering tactics rather than exploiting software vulnerabilities, allowing them to steal millions of customer records from compromised systems.
South Korea’s Personal Information Protection Commission fined Dior about $8.4 million after a voice phishing scam led to 1.95 million records being compromised. Louis Vuitton was fined about $15 million after malware on employee devices exposed data of 3.6 million people. Tiffany & Co. must pay $1.6 million following a similar phishing attack affecting 4,600 individuals.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Dior, Tiffany)
