French luxury brand Dior is facing criticism in South Korea for failing to report a recent data breach affecting Korean customers to the Korea Internet & Security Agency (KISA), in violation of domestic regulations, a lawmaker’s office said Wednesday. (Image courtesy of Yonhap)
SEOUL, May 14 (Korea Bizwire) — French luxury brand Dior has come under scrutiny in South Korea for failing to report a recent data breach involving Korean customers to the Korea Internet & Security Agency (KISA), as required under domestic law, a lawmaker’s office said Wednesday.
According to Rep. Choi Soo-jin of the ruling People Power Party, Dior notified the Personal Information Protection Commission (PIPC) about the incident but neglected to report it to KISA, which oversees hacking and cybersecurity violations.
On May 7, Dior disclosed on its website that it had detected unauthorized access by a third party to some customer data, including contact information and purchase preferences. The company stressed that no financial information—such as credit card details or international bank account numbers (IBAN)—was compromised.
The breach originated at Dior’s global headquarters, not its Korean branch, but still involved domestic user data. Under South Korea’s Information and Communications Network Act, even incidents occurring overseas must be reported if they affect local users or the Korean market.
KISA reportedly contacted Dior Korea by phone to explain its reporting obligations. If the Ministry of Science and ICT determines that Dior failed to fulfill its legal duty, the company could face a fine of up to 30 million won (about $22,000).
The controversy follows recent criticism over delayed or incomplete breach reporting by major firms. “SK Telecom also delayed its report by two days. Now Dior has only informed the privacy commission, not KISA. This suggests that awareness around cybersecurity reporting obligations remains inadequate in the industry,” a spokesperson from Rep. Choi’s office said.
The incident underscores growing concerns about data protection enforcement in South Korea, especially as international firms expand their digital operations in the region.
Lina Jang (linajang@koreabizwire.com)
