DIGITAL LIFE

Luxury brand Dior suffers hack attack

Dior, a luxury brand owned by the LVMH group, has confirmed that it was the target of a cyberattack that resulted in the exposure of personal data of some of its customers, mainly in China and South Korea. The incident, discovered on May 7, involved unauthorized access to a customer database.

The company assured that no financial information was compromised, as data such as bank details, IBAN numbers or credit card information were stored separately. However, data such as names, gender, postal and electronic addresses, telephone numbers, purchase history and preferences were exposed.

In a statement, Dior said: “We took immediate action to contain this incident. Dior teams, supported by leading cybersecurity experts, continue to investigate and respond to the incident. We are notifying all relevant regulatory authorities.”

This event highlights the risks of fraud and social engineering. Muhammad Yahya Patel, Lead Security Engineer at Check Point Software Technologies (https://www.checkpoint.com/), advises customers to be wary of phishing emails that simulate communications from Dior and to always access the brand's official website directly through the browser, avoiding clicking on suspicious links.

The retail and commerce sector is the second most attacked in Europe, preceded only by the financial sector, according to data from Check Point. Between the first and third quarters of 2024, there was a 23% increase in cyber threats targeting this sector. Countries such as France, Germany, Italy, Spain and the United Kingdom account for 78% of the recorded incidents.

Check Point Research (CPR) monitored the activity of the DragonForce ransomware group, which targeted large distributors in the United Kingdom, causing disruptions to e-commerce websites and internal systems. Adrien Merveille, an expert at Check Point Software, explains that in addition to extortion, attackers exploit stolen personal data for sale or for large-scale fraud campaigns.

Cybercriminals have evolved their tactics from simple file encryption to complex digital extortion schemes. Today, they steal data, expose sensitive information and use it as a weapon to intensify pressure on victims. The triple extortion model, which combines DDoS attacks, public exposure of data and contact with victims' customers or partners, has become a common practice.

In Portugal, organizations suffered an average of 2,091 attacks per week in the last six months, higher than the global average of 1,920 attacks.

The AgentTesla “infostealer” malware leads the threats in the country, with around 90% of malicious files distributed by email in the last month, highlighting the prevalence of phishing. The most exploited vulnerability is information disclosure, impacting 75% of national organizations.

While there have been no recent public reports of major cyberattacks on Brazilian retailers, data suggests that the sector is using stealthy malware and first-access techniques, exploiting remote devices and misconfigured cloud environments to infiltrate corporate networks.

Dior is notifying affected customers and collaborating with authorities. Consumers are advised to avoid clicking on unsolicited links, verify the origin of data change requests, and monitor their accounts for suspicious activity.

mundophone