Class Action Against Dior Alleges Negligence Prompted Data Breach
House of Dior didn't properly secure customers' sensitive personal information, prompting a data breach in Jan. 2025, a class-action lawsuit filed Wednesday alleges. The suit also claims Dior was too slow to inform customers that their personal data was potentially exposed.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Filed in the U.S. District Court for Northern New York, the complaint said Dior "disregarded" customers' rights "by intentionally, willfully, recklessly, or negligently failing to implement and maintain adequate and reasonable measures to ensure" the sensitive information "was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required, and appropriate protocols, policies, and procedures regarding the encryption of data, even for internal use."
Though the data breach occurred in January, Dior didn't discover it until May; it began notifying customers July 18, according to law firm Schubert Jonckheer -- which is investigating the breach -- and a sample notification letter the Texas, California and Vermont attorneys general attached to their reports (see 2507230038).
Case 25-06058 alleges counts of unjust enrichment, invasion of privacy and breach of implied contract in addition to negligence.