Dior, Adidas, M&S, and others face escalating data breaches

As the fashion world eagerly studies the new captivating trends of Fashion Week Spring-Summer 2026, Surfshark’s research highlights a growing threat: data breaches impacting major fashion brands. Overall, over 23 billion accounts have been compromised in the last 20 years¹, and popular brands like Dior, M&S, Adidas, Levi's, and others are not immune, contributing to the total number of breached accounts. Especially in 2025, since five major fashion companies have already been breached and 1.4 million customers' data has been leaked. Learn more about the risks and the brands affected below.

Key insights

• From the first reported breaches in 2005 to 2025, fashion companies have leaked data on approximately 362 million customers in total. The largest data breach occurred in 2018, when the US sportswear company Under Armour exposed data from 150 million customers². The leaked information included usernames, email addresses, and hashed passwords.
• The number of breaches peaked in 2025, with five companies reporting incidents that year. In earlier years, such as 2024, 2023, and 2019, three leading fashion companies experienced yearly breaches. Prior to 2019, fashion brand breaches were less common, typically affecting only one or two companies per year or none in some years.
• In 2025, five high-profile fashion companies experienced data breaches that led to leaked customer data. France-based Louis Vuitton, the largest fashion company by market cap, exposed the data of 419K customers³. Dior, another French fashion giant, leaked information on one million users. The compromised data included names, government-issued IDs, addresses, email addresses, phone numbers, and purchase histories⁴. Three other companies, Richemont⁵ (Switzerland), Adidas⁶ (Germany), and Marks & Spencer⁷ (UK), also reported data breaches affecting some of their customers, although they did not disclose the exact number of those affected.
• Out of the 50 fashion companies with the largest market share, 20 have experienced data breaches in the past. In 2024, three US-based companies experienced data breaches: Skechers⁸ (114K customers), Levi Strauss & Co.⁹ (72K customers), and Dick’s Sporting Goods¹⁰, which did not report exact numbers but confirmed that sensitive data was exposed in a cyberattack.
• While most data breaches we hear about involve the leak of emails, passwords, or contact information, it's important to note that several breaches since 2005 have resulted in the exposure of financial information, such as credit and debit card numbers. In fact, six incidents involved financial information, which increases the risk of fraud and identity theft for those affected. In total, the financial data of 105 million customers was leaked. The most recent incident involving customer financial information was the breach of Levi Strauss & Co. in 2024, affecting 72K customers⁹. In this case, only the last four digits of users’ payment cards were shared, along with other personal data.
• Looking at the countries of these companies, the United States leads with 10 out of 22 fashion companies experiencing breaches. Germany, the UK, France, and Italy each saw two out of four of their leading fashion companies breached. Additionally, one company each from Switzerland and Japan reported data breaches. In contrast, companies based in Canada (three in total), Spain (two), Sweden, and China (one each) did not report any breaches.

Methodology and sources

We identified the 50 largest fashion companies by market capitalization¹¹. For each company, we conducted a Google search using the company name combined with the keyword ‘’data breach’’ to determine whether the company had experienced a data breach that resulted in a customer data leak. We reviewed the first page of search results for relevant information. After gathering these results, we analyzed how many fashion companies had been breached, the dates of the breaches, the types of customer data exposed, and the number of affected customers.

References: