Louis Vuitton Breach May Have Included US Customer Data

The June 7 data breach "was originally reported to have affected 419,000 customers in South Korea, Turkey, United Kingdom, Italy and Sweden, but on or around August 22, 2025, Louis Vuitton North America, Inc., reported the data breach to" several U.S. state attorneys general, law firm Schubert Jonckheer said in a press release. The firm is investigating the breach on behalf of potential victims.

Additionally, "although the breach occurred in June 2025," Louis Vuitton didn't notify until on or around Aug. 22, possibly violating state and federal laws, Schubert Jonckheer said. Compromised information includes contact information, addresses, dates of birth, and passport or government ID numbers.

Texas' attorney general reported the breach Tuesday, and said 23,570 Texans were impacted. California's AG reported the breach on Aug. 22, with an attached sample notification letter. Washington state, Vermont and South Carolina also reported it that day. South Carolina said 2,103 of its residents were affected.

The sample letter said a cybersecurity incident was discovered July 2, and the company "promptly engaged leading third-party cybersecurity experts and took steps to investigate the incident." The investigation determined "an unauthorized party gained access to a database containing client data on June 7, 2025," but now "the incident has been contained."

It also said law enforcement was notified, though it didn't say when. "We are taking steps designed to enhance the security of our systems and to help prevent similar incidents in the future," said Louis Vuitton in the letter. The fashion house is also offering two years of credit monitoring, fraud resolution services, and identity theft insurance to those impacted.