South Korea fined Louis Vuitton, Dior and Tiffany a combined 36bn won ($24.9m) over major customer data leaks, with millions affected.

Seoul: South Korea’s privacy regulator has imposed a combined 36 billion won (US$24.9 million) in fines on the local branches of Louis Vuitton, Dior and Tiffany after a series of customer data breaches affecting millions of users. The Personal Information Protection Commission (PIPC) approved the sanctions during a plenary meeting on Wednesday.
Louis Vuitton Korea received the largest penalty, while Dior’s and Tiffany’s Korean units were also hit with significant fines for failing to prevent security lapses that exposed personal information.
Louis Vuitton fined most heavily after 3.6 million-user breach
Louis Vuitton Korea was ordered to pay 21.4 billion won – the highest among the three luxury brands – after personal data belonging to roughly 3.6 million customers was stolen.
The watchdog said external attackers gained access by hacking an employee’s device on three separate occasions.
According to the PIPC, the company had inadequate safeguards around remote login procedures, which enabled the unauthorised intrusions. Names, phone numbers and birth dates were among the compromised information.
Dior and Tiffany penalised for phishing-related breaches
Christian Dior Couture Korea was fined 12.2 billion won after falling victim to an incident in which employees were deceived into granting internal system access to malicious actors. The regulator said the breach went undetected for three months and impacted around 1.95 million users.
Tiffany Korea was also targeted in a phishing-style attack and was fined 2.4 billion won. About 4,600 customers’ personal details, including names and email addresses, were leaked.
Other companies sanctioned for privacy violations
The PIPC issued additional penalties across the food and beverage sector.
BKR, the operator of Burger King in South Korea, was fined 924 million won for collecting data from minors aged 13 or under without parental consent.
MGC Global, which runs the Mega MGC Coffee franchise, was fined 642 million won for sending marketing messages to customers who had not opted in.
Eight other food and beverage companies were also penalised for assorted breaches of the country’s personal information protection laws.
Financial regulator moves to tighten de-listing rules
In a separate announcement, South Korea’s Financial Services Commission (FSC) said it will toughen de-listing standards to accelerate the removal of underperforming companies from the KOSDAQ market.
The policy is aimed at improving the secondary exchange, supporting “productive finance”, and fostering an environment more conducive to innovative startups.
Under the revised rules, companies with a market capitalisation below 20 billion won (US$13.8 million) will be removed from the KOSDAQ starting 1 July. The minimum threshold will rise to 30 billion won from next year. (IANS)
Published: 12 Feb 2026, 10:58 am IST
Related Topics
Get Latest Mathrubhumi Updates in English
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.

