Louis Vuitton may be facing a potential class action case over a breach that exposed data of consumers in the U.S. market. The headline-making breach – which was first identified in June but only recently disclosed to American regulators – compromised sensitive customer information, including names, contact details, dates of birth, and government identification numbers. The stateside fallout now threatens to turn a luxury brand known for exclusivity into the latest cautionary tale of corporate cybersecurity failure.
The data breach stems from unauthorized access to Louis Vuitton’s network on June 7, 2025, first disclosed by the LVMH-owned luxury goods titan in early July as affecting more than 419,000 customers across South Korea, Turkey, the United Kingdom, Italy, and Sweden. However, new data breach notifications indicate the breach also extended to consumers in the U.S. On or around August 22, Louis Vuitton North America alerted the Attorneys General of California, Texas, and Washington of the incident.
According to the Texas and Washington data breach directories, 23,570 Texas residents and 17,615 Washington residents will receive notice of the breach.
Legal experts say the delayed notifications – which came more than two months after the initial discovery – could place Louis Vuitton North America, Inc. in violation of state data breach statutes, raising the stakes for one of the world’s most prominent luxury brands as it contends with mounting scrutiny over its cybersecurity practices.
>> U.S. law requires companies to notify affected individuals of data breaches without unreasonable delay, with states like Texas and Washington mandating disclosure within 30 days. California also requires notice to both residents and the Attorney General when more than 500 residents are impacted. Louis Vuitton’s more than two-month delay in notifying U.S. customers may put it in violation of these state statutes, exposing the company to regulatory action and potential class litigation.
As for legal action, Schubert Jonckheer & Kolbe LLP issued an alert on August 27, stating that it is investigating a data breach that led to unauthorized access to customer information held by Louis Vuitton North America, Inc., the United States subsidiary of French luxury fashion house Louis Vuitton Malletier SAS. The San Francisco-based firm says that affected individuals may face risks of identity theft and other privacy violations and could be entitled to damages and injunctive relief requiring Louis Vuitton to strengthen its cybersecurity practices.
A representative for Louis Vuitton was not immediately available for comment.
Share
