[BreachExchange] Chanel Korea issues apology over data theft

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Aug 9 11:41:53 EDT 2021


https://www.koreatimes.co.kr/www/tech/2021/08/129_313614.html

Online thieves managed to steal customer data, including phone numbers, in
a cyberattack on some data centers managed by Chanel Korea. It's unknown
whether clients affected by the data leak will take legal action against
the French luxury brand's Korean firm.

In a rare move, Chanel Korea issued a public apology after disclosing the
customer data leak that occurred between Aug. 5 and 6.

"Parts of our database, containing the personal information of the
customers who had registered for our cosmetics brand membership, have been
compromised. The leaked personal information includes: names, birthdays,
phone numbers and product purchase lists," Chanel Korea wrote on its
official website.

Customers who had agreed to provide their addresses, sex and email
addresses had this personal information stolen too. The site
vulnerabilities have reportedly been fixed since their discovery. Chanel
Korea said that it took immediate action to identify the cause of the
incident, while blocking the compromised internet protocol as well as
illegal access routes to its database.

The French luxury brand added that the stolen data did not include
customers' passwords or registration information.

"Those whose personal information was leaked have been notified
individually by us through emails or text messages. If you have been
contacted by an unknown number or email suspected of misusing your personal
information, or if you think you have already suffered any damage due to
the leak, please contact us by phone or email," Chanel Korea said. "We
sincerely apologize for causing this inconvenience."

The luxury brand is teaming up with a private cybersecurity firm, as well
as the Korea Internet & Security Agency and the Personal Information
Protection Commission, to investigate the case.

However, secondary damage is still a possibility and Chanel Korea has yet
to come up with concrete plans to compensate those affected. It also failed
to confirm the number of victims affected from the cyberattack.

Previously, when similar data leaks occurred at internet financial service
Toss and the local cryptocurrency exchange Bithumb and the personal
information of their customers was compromised, the two companies offered
100,000 won ($87.37) in compensation per victim voluntarily.

Meanwhile, local customers have already been complaining, as Chanel Korea
has raised the prices of its popular handbags and clothing twice this year,
while failing to protect customers' personal data.

"When we think of Chanel, we expect the best-quality products and
high-level service. That is why we spend thousands of dollars at their
boutiques. Chanel Korea should compensate its customers who were affected
by the cyberattack," a Chanel Korea customer said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210809/ae2462d9/attachment.html>


More information about the BreachExchange mailing list