Dior faces scrutiny, fine in Korea for insufficient data breach reporting
Published: 14 May. 2025, 14:26
Updated: 14 May. 2025, 20:17
![The logo of fashion brand Dior is seen outside one its stores in Paris, France on Jan. 27, 2023. [REUTERS/YONHAP]](https://koreajoongangdaily.joins.com/data/photo/2025/05/14/a8552175-0447-4677-b3b4-be0d09a0fbe7.jpg)
The logo of fashion brand Dior is seen outside one its stores in Paris, France on Jan. 27, 2023. [REUTERS/YONHAP]
Luxury brand Dior is facing criticism in Korea for its inadequate response to a recent data breach that exposed the personal information of customers in Korea.
While the company notified the Personal Information Protection Commission (PIPC), it failed to report the hacking incident to the Korea Internet & Security Agency (KISA), as required by law.
Dior did not take any action to inform KISA, despite acknowledging the breach through a notice on its website, according to Rep. Choi Soo-jin of the People Power Party on Wednesday.
Previously, Dior revealed that it had “found on May 7 that an unauthorized third party gained access to some customer data," which included contact details and purchase preferences. The company stated that no financial data, such as banking information, IBANs, or credit card numbers, had been compromised.
Although the breach occurred at Dior’s global headquarters and not its Korean subsidiary, Dior Korea, Korean law mandates notification when domestic users are affected, regardless of where the breach occurred.
![Two women walk past a Dior store in Jung District, central Seoul on Jan. 12, 2023. [NEWS1]](https://koreajoongangdaily.joins.com/data/photo/2025/05/14/a9ee7deb-76bc-490b-aef8-3af8f4bf7f7e.jpg)
Two women walk past a Dior store in Jung District, central Seoul on Jan. 12, 2023. [NEWS1]
Under Article 48, Paragraph 3 of the Information and Communications Network Act, service providers must report security incidents immediately to the Ministry of Science and ICT or to KISA.
Article 5-2 of the same law specifies that these requirements apply even if the incident originates outside Korea but affects the domestic market or users.
KISA reportedly contacted Dior Korea by phone to explain the oversight. Failure to report such incidents may result in fines of up to 30 million won ($21,180), should the Science Ministry pursue formal charges.
“Considering that SK Telecom also reported its hacking incident late -- two days after it happened -- and Dior only reported the breach to the PIPC and not to KISA, it can be interpreted that the industry has not been given sufficient notice regarding the reporting work of the agency,” a representative from Rep. Choi’s office said.
Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff.
BY JUNG SI-NAE [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)