Luxury fashion house Louis Vuitton has confirmed a cyberattack that exposed the personal data of UK customers on July 2, marking the third breach affecting parent company LVMH in recent months.

Customer names, contact details, and purchase histories were compromised, though no financial information was stolen, the company said. In an email to affected customers, Louis Vuitton acknowledged the risk of fraud, saying, “While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorized use of your information may occur.”

The company added, “We are working to notify the relevant regulators and affected clients in line with applicable law,” and emphasized, “We sincerely regret any concern or inconvenience this situation may cause.”

According to The Guardian, attackers likely exploited weaknesses in Louis Vuitton’s UK systems using SQL injection or credential stuffing techniques, gaining access to high-value customer data that could be used for identity theft or social engineering. Experts believe the attack may have bypassed intrusion detection systems and web application firewalls, potentially through CRM vulnerabilities.

Thomas Richards, infrastructure security director at Black Duck, said, “The pattern of other LVMH regionals being compromised in similar ways might be indicative of a larger problem. LVMH should conduct an organisation‑wide security assessment to determine the root cause and implement recommended changes.”

James Hadley, founder of Immersive Labs, noted the heightened risk for the brand’s clientele, saying, “Louis Vuitton’s core customer base includes high‑net‑worth individuals; therefore, customers would have expected extra precautions. The personal information of high‑profile individuals is perceived as more valuable by cybercriminals.”

In response, Louis Vuitton isolated affected systems, launched a forensic investigation, and notified the UK Information Commissioner’s Office in compliance with GDPR Article 33. The company has also enhanced its cybersecurity by strengthening multi-factor authentication, deploying new endpoint detection systems, and implementing behavioral analytics to detect future threats.

This breach follows recent attacks on Harrods, Co-op, and Marks & Spencer, signaling a broader trend of organized cybercrime targeting the luxury retail sector. Experts continue to recommend a zero-trust approach to security, along with regular staff training and ongoing audits to protect sensitive customer data.