Louis Vuitton and Rezayat Group: Data Breaches with Global Aftermath
This week’s cybersecurity roundup highlights two high-profile incidents with global repercussions. The data of over 500,000 Louis Vuitton customers in Turkey and Hong Kong was exposed in a cyberattack. In Saudi Arabia, attackers leaked confidential business partner details and internal project documents from Rezayat Group—raising serious concerns about corporate data security.
Cybercriminals have once again set their sights on companies in the Middle East, with Saudi Arabia-based Rezayat Group becoming the latest victim of a cyberattack. The multibillion-dollar conglomerate, which operates across energy, logistics, water, power generation, and other sectors through 25 subsidiaries, has yet to issue an official statement regarding the incident.
The attackers listed Rezayat on their data leak site, claiming to have stolen 10 GB of sensitive data, including blueprints, architectural plans, financial documents, and contracts with the company’s clients.
With over 20,000 employees across 13 global subsidiaries, Rezayat’s extensive network raises concerns that the stolen data could be weaponized in supply chain attacks targeting its clients and business partners.
This breach appears to be part of an ongoing campaign against Middle Eastern firms. The same threat actor has previously successfully infiltrated several Gulf-based organizations, including UAE medical service provider Mediclinic and Coca-Cola Al Ahlia, a regional bottler.
The full extent of the breach remains unclear. However, given Rezayat’s multinational operations, the leak could potentially impact a significant number of employees and may require reporting to multiple regulatory authorities across different jurisdictions.
Another cyberattack has hit Louis Vuitton, revealing how damaging data breaches can be for global corporations—and how far-reaching the aftermath can be. The French luxury house confirmed unauthorized access to its systems and has begun notifying affected customers while coordinating with relevant authorities.
The full scale of the data leak has yet to be determined. Louis Vuitton confirmed that customers from Turkey, Hong Kong, and other countries were impacted. The type of exposed data may vary by region, but officials stated that no financial information was compromised.
Not all details about the incident are available yet, as the investigation is still ongoing. It’s known that the attackers maintained access to internal systems for a month, exploiting a compromised third-party service provider’s account. At this stage, the company has confirmed that data from 142,995 customers in Turkey—including names and contact details—was exposed. The Turkish Personal Data Protection Board published an official notice on its website, confirming that Louis Vuitton had reported the breach to regulators.
In Hong Kong, the breach had more severe consequences, affecting approximately 419,000 clients. The stolen data included sensitive details such as:
- Names and addresses,
- National ID numbers,
- Phone numbers and email addresses,
- Shopping history, and other personal data.
Hong Kong’s regulatory watchdog has launched its own investigation to uncover further details about the incident and determine whether Louis Vuitton violated legal requirements by delaying its notification to authorities.
Security incidents can have significant consequences for international companies, which must comply with varying legal regulations across different countries. Noncompliance may result in hefty fines—on top of incident mitigation costs—along with reputational damage and lost profits due to operational disruptions.
To ensure robust protection of sensitive data, our team has developed Risk Monitor, a Next-Gen Data Loss Prevention (DLP) system. The solution ensures reliable and effective prevention of accidental and intentional data leaks. It monitors all major channels of business communications, providing transparency over data motion and preventing illicit operations of data transmission. Beyond data protection, Risk Monitor also safeguards against business risks such as corporate fraud, document forgery, and other forms of corporate asset misuse. With Next-Gen DLP, your confidential documents receive 360-degree protection while ensuring compliance with legal requirements.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!