The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong has initiated a formal investigation into a significant data breach involving luxury fashion brand Louis Vuitton, which reportedly compromised the personal information of approximately 419,000 customers based in the region.
According to an official statement issued by the PCPD, the breach notification was submitted by Louis Vuitton Hong Kong on July 17, 2025. The parent company’s headquarters in France had initially identified unusual activity within its computer systems on June 13, 2025, and following further analysis, confirmed on July 2 that the security incident had impacted customers in the Hong Kong region.
The privacy regulator confirmed that the leaked data includes full names, passport identification details, residential addresses, email addresses, telephone numbers, purchase history, and consumer product preferences—all of which are considered sensitive personal data under Hong Kong’s data protection laws.
As part of the investigation, the PCPD is examining whether Louis Vuitton Hong Kong complied with its legal obligation to provide timely notification of the data breach. The office has not yet received any formal complaints or inquiries from affected individuals, but stated that the matter is being taken seriously given the volume and sensitivity of the exposed information.
This incident follows closely on the heels of a similar cybersecurity breach in the Republic of Korea (South Korea) last month, where Louis Vuitton Korea reported the unauthorized access of certain customer contact information. In that case, the company noted that financial data such as credit card information had not been compromised.
Louis Vuitton, part of the multinational luxury goods conglomerate LVMH Moët Hennessy Louis Vuitton, has not yet released a public statement detailing the scope of the breach or outlining the specific remedial measures being undertaken to prevent similar incidents in the future.
The PCPD has reiterated its commitment to ensuring companies operating in Hong Kong adhere strictly to personal data protection principles, especially when handling large-scale customer databases in digitally connected retail environments.
 in Hong Kong has initiated a formal investigation into a significant data...){kind=link}