Hong Kong begins probe over Louis Vuitton data breach

Investigation underway as leak affects over 400,000 HK customers.

Louis Vuitton Hong Kong Limited (LVHK) has notified Hong Kong's Office of the Privacy Commissioner for Personal Data (PCPD) of a data breach, prompting a probe by the PCPD on the incident.

In a 19 July statement released by the privacy watchdog, the PCPD said it received LVHK's notification on 17 July, more than two weeks after the Hong Kong operations became aware of the data leak.

According to the PCPD, LVHK's headquarters in France detected suspicious activity in its computer systems back in June. On 2 July, the luxury retailer found that the incident affected customers in Hong Kong and made this discovery known to the HK unit.

Scope of LVHK data leak
It was noted that the data breach involved customers' personal information such as name, passport number, date of birth, address, email, telephone number, as well as shopping history and product preference.

The global scope of the cyber incident is unclear, but it was previously reported that Louis Vuitton customers in the UK, South Korea, and Turkey were also impacted. In Hong Kong, it is estimated that 419,000 customers were affected by the unauthorised access.

Privacy watchdog commences investigation
In line with established procedures, the PCPD is now investigating the HK data leak. Part of what it will look at is whether there was a delay in filing the required notification.

As the damage caused by data breaches can be costly, organisations are urged to report such incidents as soon as possible. This allows the likes of the PCPD to assist those who are impacted and minimise any possible damage.

Earlier this year, a report by EY cited "underestimating changing imperatives in privacy, security, and trust" as the top risk for telecommunications in 2025. It was pointed out that artificial intelligence is making cyberattacks smarter.