What happened in the Louis Vuitton data breach?

In June 2025, hackers used phone scams to trick an employee at Louis Vuitton into granting access to the company's customer database. The breach exposed the personal information of more than 419,000 customers worldwide, including names, dates of birth, driver's license numbers, passport numbers, and partial Social Security numbers.

Is there a Louis Vuitton class action lawsuit?

Yes. Multiple class action lawsuits have been filed against Louis Vuitton North America in the Southern District of New York. The lawsuits allege the company failed to protect customer data and delayed notifying affected individuals. The cases are in early stages and no settlement has been reached.

How do I know if I was affected by the Louis Vuitton data breach?

Louis Vuitton began mailing breach notification letters to affected customers on August 22, 2025. If you received a letter, your data was compromised. If you are a Louis Vuitton customer and did not receive a letter but are concerned, you can call Louis Vuitton's support line at 1-866-566-3598.

Can I join the Louis Vuitton class action?

If your personal information was compromised in the Louis Vuitton data breach, you may be eligible to participate in a class action lawsuit. There is no claim form to fill out at this time. You should save your breach notification letter, enroll in the free credit monitoring, and consult with an attorney for a free case evaluation.

Louis Vuitton Data Breach Class Action Lawsuit: What Customers Need to Know

Q: Is there a Louis Vuitton data breach settlement?

No. As of March 2026, no settlement has been reached. The class action lawsuits are still in their early stages. Louis Vuitton is offering affected customers 24 months of free credit monitoring through Experian IdentityWorks.

By Steve Levine

Louis Vuitton Data Breach Class Action Lawsuit

Published: March 31, 2026

If you have ever shopped at Louis Vuitton and shared your personal information with the company, your data may have been stolen by hackers. In the summer of 2025, cybercriminals broke into a Louis Vuitton customer database and made off with the personal details of more than 419,000 customers around the world, including tens of thousands in the United States. The stolen data included names, dates of birth, driver's license numbers, passport numbers, and even partial Social Security numbers.

Now, Louis Vuitton North America is facing multiple class action lawsuits from customers who say the luxury fashion brand failed to protect their data and took too long to tell them about the breach. The lawsuits are still in their early stages and no settlement has been reached, but affected customers should understand what happened, what information was compromised, and what steps they can take right now to protect themselves.

How the Louis Vuitton Data Breach Happened

The Louis Vuitton data breach was not a case of some hacker sitting in a dark room cracking passwords. It was a phone scam. The attackers, believed to be part of a cybercriminal group called ShinyHunters, called employees at Louis Vuitton and pretended to be IT support staff. Using convincing scripts and social engineering tactics, they tricked at least one employee into giving them access to the company's Salesforce database — the system Louis Vuitton uses to store customer information.

Once inside, the hackers were able to download customer records in bulk. The breach was first detected on June 7, 2025, but Louis Vuitton did not begin notifying affected customers until August 22, 2025 — more than two months later.

That delay is a major issue. Several states, including Texas and Washington, require companies to notify consumers about a data breach within 30 days. Louis Vuitton missed that deadline by a wide margin, and the lawsuits allege the company violated state data breach notification laws as a result.

What makes this breach even more frustrating for consumers is that it may have been preventable. Salesforce had actually published a warning to its customers in March 2025 — three months before the Louis Vuitton breach — alerting them to the exact type of phone scam that ShinyHunters was using. Google's Threat Intelligence Group issued a similar warning. According to the lawsuits, Louis Vuitton did not act on those warnings or implement basic security measures that could have stopped the attack, such as multi-factor authentication and restricted network access.

What Personal Information Was Stolen

The Louis Vuitton data breach exposed sensitive personal information that could be used for identity theft and fraud. According to breach notification letters sent by Louis Vuitton, the stolen data included:

• Full names
• Home addresses
• Email addresses
• Phone numbers
• Dates of birth
• Driver's license numbers
• Passport numbers and other government-issued ID numbers
• Partial Social Security numbers

Louis Vuitton confirmed that no payment card numbers, bank account information, or passwords were compromised. However, the type of information that was stolen is exactly what criminals need to open new credit accounts in your name, file fraudulent tax returns, or commit other forms of identity theft. A stolen Social Security number, even a partial one, combined with a name and date of birth, gives identity thieves a powerful starting point.

Who Was Affected by the Louis Vuitton Data Breach

The breach affected more than 419,000 customers across multiple countries, including the United States, the United Kingdom, South Korea, Turkey, Italy, and Sweden. In the United States specifically, Louis Vuitton reported the breach to attorneys general in California, Massachusetts, Vermont, Washington, and Texas.

Based on those filings, at least 23,570 Texas residents and 17,615 Washington state residents were among those affected. The total number of U.S. customers impacted is likely much higher when all states are accounted for.

If you are a Louis Vuitton customer who has provided personal information to the company — whether through an in-store purchase, online order, or customer account — and you received a breach notification letter in August or September 2025, your data was part of this breach.

The Louis Vuitton Class Action Lawsuits

Several class action lawsuits have been filed against Louis Vuitton North America, Inc. in the Southern District of New York. The cases allege that Louis Vuitton was negligent in protecting customer data and that the company breached its obligations to consumers.

Among the key lawsuits are Butler-Adams v. Louis Vuitton North America, Inc. (Case No. 1:25-07109) and Miamen, et al. v. Louis Vuitton North America, Inc. (Case No. 1:25-07183), both filed in 2025. Four of the five actions against Louis Vuitton in the Southern District of New York have already been designated as related cases and assigned to the same judge.

In January 2026, a new lawsuit added to the pressure on Louis Vuitton. In Winkler, et al. v. Louis Vuitton North America Inc. (Case No. 1:26-cv-00702), Maryland resident Adriana Winkler filed a 48-page complaint calling the breach "highly preventable." The Winkler lawsuit makes several key claims:

• Louis Vuitton failed to implement basic security measures that were available through Salesforce, including Salesforce Shield
• The company ignored specific warnings from both Salesforce and Google about the ShinyHunters phone scam campaign
• Louis Vuitton waited more than two months to notify customers, violating state data breach notification laws
• The company is guilty of negligence and breach of implied contract

Louis Vuitton was also part of a larger proposed class action filed in November 2025 in the Northern District of California, which targeted multiple Salesforce clients including Louis Vuitton, TransUnion, and Qantas over what plaintiffs described as a "hub-and-spoke" data breach. However, in December 2025, the U.S. Judicial Panel on Multidistrict Litigation declined to create a broad multi-defendant MDL, finding that each company's breach involved different facts and circumstances. That means the Louis Vuitton lawsuits will continue on their own track in New York.

Is There a Louis Vuitton Data Breach Settlement?

No. As of March 2026, there is no settlement in any of the Louis Vuitton data breach class action lawsuits. The cases are still in the early stages of litigation, meaning attorneys are filing initial motions, exchanging documents, and building their cases. Settlement negotiations, if they happen, are likely months or even years away.

There is also no claim form to fill out at this time. If and when a settlement is reached and a class is certified, affected customers would receive instructions on how to file a claim. For now, the most important thing you can do is hold onto your breach notification letter and take steps to protect your personal information.

What Louis Vuitton Is Offering Affected Customers

Louis Vuitton is offering affected customers 24 months of free credit monitoring through Experian IdentityWorks. The service includes:

• Credit monitoring across all three bureaus (Experian, Equifax, and TransUnion)
• Fraud resolution support
• Identity theft insurance

If you received a breach notification letter from Louis Vuitton, it should include an enrollment code and instructions for signing up. You do not need a credit card to enroll. If you have questions about enrollment, you can contact Louis Vuitton's dedicated support line at 1-866-566-3598.

What You Should Do Right Now

Whether or not you decide to get involved in the class action, there are steps every affected customer should take immediately to reduce the risk of identity theft:

1. Enroll in the free credit monitoring. Louis Vuitton is paying for 24 months of Experian IdentityWorks. Sign up as soon as possible to start monitoring your credit files for any suspicious activity.

2. Place a fraud alert on your credit file. Contact any one of the three credit bureaus — Equifax, Experian, or TransUnion — to place a fraud alert. This requires lenders to verify your identity before opening new accounts in your name. The alert is free and lasts one year.

3. Consider a credit freeze. A credit freeze goes further than a fraud alert. It blocks anyone from opening new credit accounts in your name entirely. You can freeze your credit for free at each of the three bureaus and lift it temporarily whenever you need to apply for credit.

4. Check your credit reports. Visit AnnualCreditReport.com to get free copies of your credit reports from Equifax, Experian, and TransUnion. Look for accounts you do not recognize, inquiries you did not authorize, or addresses that are not yours.

5. Watch out for scams. Criminals who steal personal data often follow up with phishing emails, fake text messages, or phone calls pretending to be from Louis Vuitton, your bank, or a government agency. Do not click links in unsolicited messages or provide personal information over the phone unless you initiated the call.

6. Save your breach notification letter. If you received a letter from Louis Vuitton about the data breach, keep it. It may serve as proof that you were affected if a settlement is reached in the future.

Bottom Line

The Louis Vuitton data breach exposed the personal information of hundreds of thousands of customers because of a phone scam that the company had been warned about months in advance. Multiple class action lawsuits are now moving forward in federal court in New York, alleging Louis Vuitton was negligent and too slow to act. No settlement has been reached and there is no claim form to fill out right now, but affected customers should take steps to protect their identities immediately by enrolling in the free credit monitoring and placing alerts or freezes on their credit files.

This story is developing and we will continue to cover it as the litigation progresses.

How Do I Find Class Action Settlements?

Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:

About This Article

This article covers the class action lawsuits filed against Louis Vuitton North America, Inc. following the 2025 data breach that exposed the personal information of more than 419,000 customers. The cases are in their early stages and no settlement has been reached. OpenClassActions.com covers class action lawsuits, settlements, and consumer legal developments. OpenClassActions.com is a consumer advocacy and class action news site, and is not a class action administrator or a law firm.

For more class actions keep scrolling below.