According to news on September 9, according to the National Cyber ​​Security Reporting Center, in May this year, many media reported that a data leak occurred in the French fashion consumer brand Dior, and users in mainland China also successively received official warning text messages from Dior. In response, the public security and cyber security department organized an administrative investigation into Dior (Shanghai) Company in accordance with the law.

After investigation, Dior (Shanghai) Company had three illegal facts: First, it failed to pass the data export security assessment, enter into a standard contract for personal information export, or pass the personal information protection certification, and illegally transmitted users' personal information to the Dior headquarters in France. Second, before providing users' personal information to Dior headquarters in France, users were not fully informed of the processing methods of overseas recipients of their personal information, and "individual consent" was not obtained from users. Third, security technical measures such as encryption and de-identification were not adopted for the collected personal information. The local public security organs imposed administrative penalties on Dior (Shanghai) Company in accordance with the provisions of the "Personal Information Protection Law".

Security Tip: Citizens’ personal information is protected by law. Personal information processors are requested to take this case as a lesson, follow the principles of legality, legitimacy, necessity and good faith, implement the relevant provisions of the "Personal Information Protection Law" on personal information processing and cross-border provision, regulate the collection, storage, use, processing, transmission, provision, disclosure, deletion and other full life cycle processing activities of personal information, and effectively protect the security of users' personal information.


According to previous news, on the evening of May 12, French luxury goods giant Dior sent text messages to Chinese customers confirming that its database had been accessed without authorization on May 7, 2025, resulting in the leakage of some customers' personal information. The scope of the leaked data is wide, covering sensitive information such as customer name, gender, mobile phone number, email address, mailing address, consumption amount and preferences, but does not involve financial information such as bank accounts and credit cards.