What the LVMH attacks reveal about brand resilience

Months after cybercriminals broke into the Asian subsidiary of Christian Dior, Louis Vuitton announced on July 2 that their Korean database had been hacked, and sensitive files stolen.

The incident is the third attack against LVMH, which owns Louis Vuitton and Christian Dior, in recent months. 

The LVMH-owned brands notified customers that unauthorized parties had accessed parts of their client database, revealing their contact details and shopping preferences.

In both cases, impacted consumers in China and Korea were assured that bank information and credit card data were not stolen as part of the breach.

Under General Data Protection Regulation (GDPR) and many other local cyber laws, companies must swiftly notify authorities and customers if data is compromised, and obey rigid requirements for how data is collected, stored, and used.

Even though Dior, headquartered in Paris, complies with these policies—which should help lessen any legal trouble—the brand is still facing a public relations crisis in China, one of its most important and digitally advanced markets.

The incident spotlights just how integral local compliance and data governance infrastructure have become to the brand experience.

Consumers rely on brands’ digital prowess as they interact with ever-sophisticated online channels, and the handling of one incident could unravel long-term trust. 

How data breaches affect consumers

Today, 81% of consumers believe data protection reflects how much a brand values them, and more than 80% would cut ties after a cyberattack.

These findings are mirrored in a 2022 study in which one out of three affected consumers claimed they discontinued online shopping on Morele.net after the breach. Consumers expressed feelings of disappointment and became more conscious about providing their data. 

As a result of this attack and similar attacks across all industries, we are seeing more consumers opt out of marketing when browsing websites. It is becoming trickier for retailers to obtain the data they need to build brands that resonate with customers, and transparent communication is needed to regain trust.

PwC's 2025 voice of consumer survey found 83% of consumers seek reassurance that their devices are safeguarding their information.

As awareness and concerns heighten, so does the urgency to build this messaging into brand strategies.

Make local compliance part of global brand strategy

In a digital-first world, robust cybersecurity is no longer a competitive differentiator; it must be an integral part of the brand promise.

Consumers in both luxury and retail sectors expect seamless, secure digital interactions. For global retailers, that means navigating local rules to ensure brands are positioned as reliable and digital experiences are secure.

Cybersecurity leaders must conduct global data governance audits to identify where local regulations (like China’s PIPL, South Korea’s PIPA, and Europe’s GDPR) align or diverge.

They must prioritize the strictest standards as baseline requirements (e.g., GDPR-level protections across all markets), then layer local requirements on top.

This avoids fragmentation and creates a cohesive global compliance posture.

However, compliance is not a one-off task.

Appointing local data protection officers (DPOs) or compliance leads in key markets will help to monitor evolving laws and consumer expectations.

These local experts can help adapt brand experiences to regional sensitivities.

For instance, in Asia, consumers shop online more frequently than their global counterparts and highly value self-checkout and mobile payments.

Matching the standards of Asian retail financial transactions could help improve global perceptions.

Be transparent with consumers

Privacy notices, consent flows, and data requests are part of the brand experience. Consumers expect clarity, control, and respect when they share their data.

Cybersecurity teams must ensure every digital touchpoint, from shopping platforms to loyalty programs, is locally compliant by design.

But brand leaders also need to stay involved.

They should verify that protections are in place and help shape how privacy is communicated, so it aligns with the brand’s voice and builds trust.

Key safeguards include regular security audits and incident response plans that cover containment, recovery, and communication.

Brand teams play a role in making sure privacy messaging is clear and consistent, so both customers and employees understand what the brand stands for.

After a breach, leaders should ask what new protections are in place.

These might include AI-based threat detection, limited role-based access, reconfigured APIs, and mandatory multi-factor authentication.

With the growing volume of digital interactions comes a widened attack vector.

Technology is improving safety and convenience, but only credibility keeps customers coming back.

BUSINESS REPORT