
Dior’s Data Privacy Disclosure

The house of Dior’s customer data was allegedly accessed outside of standard operations and procedures.

Founded in 1946, Dior has been renowned as a luxury brand through its accessories and fragrances. As of the end of 2024, Dior employed over 215,000 employees globally.


About The Breach

Around May 7th, Dior discovered there had been unauthorized access to an undisclosed customer database. According to numerous news outlets, no financial data was disclosed.


However, other Personally Identifiable Information (PII) was found. This includes, but is not limited to: full name, gender, phone numbers, and other information voluntarily shared by Dior’s customers.


The disclosed information belonged primarily to customers in China and South Korea.


According to Dior, the company is continuing to work with cyber professionals and claims the incident has been contained at this time. No further information has been released on the source of this breach.

Lessons Learned From This Breach

Outsourcing services is a very common practice, but it’s important to include cyber risks as part of the evaluation.


Here is a checklist that can be built on the next time outsourcing is needed:

  1. Verify any documented breaches in the past.

  2. Verify security credentials (SOC 2/ISO 27002 compliance).

  3. Outline data breach reporting requirements.

  4. Assess if data is encrypted at rest or in transit.

  5. Validate if MFA and SSO are available.

  6. Assess least privilege.

  7. Assess if the vendor has monitoring and an IR plan.

  8. Implement a backup plan.


