The Personal Information Protection Commission announced on the 1st that it is investigating personal information leak incidents involving luxury brands Dior and Tiffany.
This leak incident occurred while both corporations were using software-as-a-service (SaaS)-based customer management services, and staff accounts accessing the software were identified as the leak source. The incident at Dior occurred around January this year, which was recognized on May 7 and reported on May 10. Tiffany became aware of the incident in April and reported it on May 22.
The Personal Information Protection Commission is confirming the targets and scale of the leak, as well as the implementation of technical and management protective measures through this investigation, and it is also conducting a focused review on the reasons for the delay in notifying the information subjects and reporting the leak. If any illegal activities are confirmed, actions will be taken according to relevant laws.
Additionally, the Personal Information Protection Commission emphasized the need for corporations using SaaS-based services to prevent similar incidents by implementing dual authentication, IP access restrictions, and enhancing education and management for personal information handlers.