ACCORDING to South Korea’s Personal Information Protection Commission, Dior, Louis Vuitton, and Tiffany & Co. were fined a total of 36 billion Korean won ($25 million) after hackers breached their Salesforce systems and exposed customer data. The extortion campaign was linked to Scattered LAPSUS$ Hunters and targeted Salesforce customers, with the group gaining access through social engineering rather than exploiting software vulnerabilities.
The commission said the attacks led to the compromise of millions of customer records across the brands’ systems. Dior was fined about $8.4 million after a voice phishing incident affected 1.95 million records, Louis Vuitton about $15 million exposing data for 3.6 million people, and Tiffany & Co. nearly $1.6 million related to roughly 4,600 individuals. The report notes the attackers used compromised Salesforce accounts to facilitate their data theft and extortion activities.