[Alpha Biz= Kim Jisun] The Personal Information Protection Commission (PIPC) of South Korea has launched an investigation into luxury brands Christian Dior and Tiffany & Co., both subsidiaries of global luxury conglomerate LVMH, following allegations of delayed reporting of customer data breaches.
On June 1, the PIPC confirmed that it is probing two recent incidents involving unauthorized access to customer data held by Dior and Tiffany.
On May 13, Dior publicly disclosed via its website that "an unauthorized third party accessed certain customer data." The compromised information reportedly includes customer names, phone numbers, email addresses, and purchase history. Tiffany, meanwhile, reportedly began notifying affected South Korean customers via email on May 26 about a breach involving names, addresses, and phone numbers.
However, Dior reportedly became aware of the breach on May 7, despite the incident occurring as early as January 26, and notified authorities only three days later. Tiffany detected its breach on May 9, about a month after the data was actually compromised on April 8, and filed a report on May 22.
Under South Korea’s Act on Promotion of Information and Communications Network Utilization and Information Protection (Information and Communications Network Act), organizations must report any recognized data breach to the Ministry of Science and ICT or the Korea Internet & Security Agency (KISA) within 24 hours of becoming aware of the incident.
The PIPC stated that it will determine whether the delayed disclosures violated statutory obligations and whether additional regulatory actions are warranted.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
