KOREA’S Personal Information Protection Commissioner fined three LVMH luxury brands after Salesforce data breaches, with fines totaling 36.033 billion won (USD 24,925,824.15) and penalties of 10.8 million won (USD 7,472.78). The brands affected were Louis Vuitton Korea Ltd., Christian Dior Couture Korea Co., Ltd, and Tiffany Korea Co., Ltd, all of which must publish notices of the fines on their websites.
According to the regulator, the breaches occurred while using customer management services based on Software as a Service, and the notice implies the SaaS involved was Salesforce as part of the ShinyHunters Salesforce campaign. The Louis Vuitton breach leaked personal information for approximately 3.6 million people across three events in June 2025, with malware infections and stolen service-type software account information cited.
Dior’s breach affected about 1.95 million customers after a customer service representative was duped into granting access to its SOaaS service, and Tiffany experienced a leak affecting around 4,600 people after a similar social engineering attack. The regulator’s guidance emphasises restricting IP address access and applying secure authentication methods when accessing personal information systems from outside.