South Korea’s PIPC fined Louis Vuitton, Dior, and Tiffany a combined 36 billion won after a hacker campaign exposed millions of customer records through a SaaS intrusion tied to attacks on Salesforce customers. The Scattered LAPSUS$ Hunters extortion group gained access via social engineering, including voice phishing and malware on employee devices, leading to large-scale data exposure. #ScatteredLAPSUSHunters #Salesforce
Keypoints
- The PIPC imposed 36 billion won in fines on Louis Vuitton, Dior, and Tiffany.
- Louis Vuitton was fined roughly $15 million after malware on employee devices exposed about 3.6 million records.
- Dior was fined over $8.4 million following a voice phishing attack that exposed 1.95 million records.
- Tiffany was ordered to pay $1.6 million after a voice phishing incident exposed roughly 4,600 records.
- The campaign targeted Salesforce customers and has been linked to social engineering by the Scattered LAPSUS$ Hunters extortion group.