Tiffany & Company Korea reports data breach of third-party application managing customer data
Learn More
The luxury jeweler Tiffany & Co. owned by LVMH Moët Hennessy Louis Vuitton, is reporting a significant data breach affecting customers in South Korea. This incident marks the second cybersecurity breach involving an LVMH luxury brand, following a similar attack on Dior earlier in May 2025.
The breach occurred on April 8, 2025, but Tiffany Korea only became aware of the incident on May 9, 2025. The cause of the attack is unauthorized access to a third-party platform used for customer data management. A Tiffany Korea representative stated that "the incident did not occur within South Korea but originated from Tiffany's global systems."
The breach may have been part of a larger attack targeting LVMH's vendor infrastructure, raising concerns about potential impacts on other luxury brands within the conglomerate.
The exposed data types include:
- Names
- Addresses
- Phone numbers
- Email addresses
- Internal customer ID numbers
- Purchase history and sales data
The number of affected individuals has not been disclosed. On May 26, 2025, Tiffany Korea notified select customers via email about the cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data.
Update - as of 17th of September 2025, Tiffany & Co. told some customers in Canada that the data breach four months ago may have leaked their names, postal and e-mail addresses, phone numbers and “sales data”.
As of 19th of September 2025, Tiffany and Company, has confirmed the data breach is affecting 2,590 customers across the United States.
