ACCORDING to the Personal Information Protection Commission (PIPC), Louis Vuitton, Dior and Tiffany were fined a total of 36 billion Korean won ($25 million) after a data breach linked to a SaaS platform intrusion.
The regulator said Louis Vuitton’s penalty was roughly $15 million for cybersecurity failures that exposed the information of about 3.6 million individuals, while Dior was fined the equivalent of more than $8.4 million for exposing the data of 1.95 million people after a voice phishing attack, and Tiffany was ordered to pay $1.6 million for about 4,600 people’s details exposed in a similar attack.
The data breaches were tied to a Salesforce-related incident, with the attackers reportedly using social engineering rather than exploiting Salesforce vulnerabilities. The notice states that the incidents occurred during a campaign targeting Salesforce customers carried out by the Scattered LAPSUS$ Hunters extortion group. SecurityWeek notes that the article was dated 16 February 2026.