Privacy Daily is a service of Warren Communications News.
Subscriber Login

Law Firm Questions Dior's Delay Reporting Data Breach

July 23, 2025 |Data Security

House of Dior suffered a data breach in January that may have exposed the personal information of customers, a law firm investigating the incident on behalf of potential victims said Tuesday. Schubert Jonckheer noted Dior "did not begin notifying affected individuals until on or around July 18, 2025, which may have violated state and federal laws." The French luxury fashion firm didn't identify the breach until May 7, Schubert Jonckheer noted.

Sign up for a free preview to unlock the rest of this article

Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.

Start My Free Preview

Data exposed may have included customers' Social Security numbers, contact details, addresses and passport or government ID numbers, the lawyers added. Neither the law firm nor Dior reported the number of people the breach impacted.

The Dior website has a page notifying web visitors of the breach and said it "immediately took steps to contain this incident" and "continue[s] to investigate and respond to the incident," with support from cybersecurity experts. Dior said it's "working to notify relevant regulators and customers in line with applicable law," and that "no payment information, including bank account or payment card information, was contained in the database accessed."

The Texas attorney general's office reported the breach on Tuesday as well, saying that 9,716 Texas residents were affected. Both the California OAG and Vermont's AG reported the breach on July 18, and had a sample notification letter linked. Washington state's report of the breach, also from July 18, had a notification letter attached, and said that 10,878 state residents were affected.

Dior said its notification letter an investigation "determined that an unauthorized party was able to gain access" to a database on January 26, 2025, but there is no evidence of subsequent unauthorized access. "We have taken steps designed to enhance our network security and help prevent future incidents." The fashion company is also offering two years of free credit montioring.