Dior slapped with administrative penalties in China for data breach
Published: Sep 09, 2025 03:36 PM
A Dior store in Shanghai. Photo: VCG


Chinese public security authorities imposed administrative penalties on Christian Dior (Shanghai) Co., Ltd following an investigation into a reported data breach involving French fashion brand Dior, the authorities announced Tuesday. The investigation found that Dior (Shanghai) illegally transferred users' personal data to Dior's headquarters in France without undergoing a security assessment for cross-border data transfers or acquiring users' consent.

In May, several media outlets reported a data breach involving Dior, with users in the Chinese mainland receiving warning messages from the company. In response, China's cybersecurity authorities launched an administrative investigation into Christian Dior (Shanghai) Co., Ltd, according to a statement issued by the Chinese national cybersecurity center.

The investigation found three violations by Dior (Shanghai): illegally transferring users' personal data to Dior's headquarters in France without undergoing a security assessment for cross-border data transfers, signing a standard contract for personal data export, or obtaining data protection certification; failing to fully inform users of how their personal data would be handled overseas and to obtain their "separate consent" before sharing it; and failing to apply security measures such as encryption or de-identification to the personal data it collected, according to the statement.

Therefore, the local public security authorities, citing China's Personal Information Protection Law, imposed administrative penalties on Dior (Shanghai) Co., Ltd. 

The Global Times reported in May that French fashion house Christian Dior informed some of its customers via text message of a data breach involving unauthorized access to a portion of its customer information.
 
According to the text message, Dior discovered on May 7 that unauthorized external parties had accessed certain customer data held by the brand. The leaked information includes customers' names, gender, phone numbers, email addresses, mailing addresses, purchase amounts, shopping preferences, and other user data collected by the brand.