Luxury fashion giant Dior and steel manufacturing giant Nucor both announced that they were dealing with cybersecurity incidents. This is another sign of the cyber-challenges directed at major corporations.
Looking at these incidents for Digital Journal is Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka.
Dior
Starting with the French perfumery and clothing company (which started out designing dresses for the wives of Nazi officers and French collaborators), Sood observes: “French luxury fashion giant Dior has fallen victim to a cyberattack, which impacted Dior Fashion and Accessories customers.”
In terms of the extent of the data breach, Sood finds: “While details about the number of customers and countries affected are not publicly available, Dior’s South Korean website confirmed the data breach, exposing full names, phone numbers, postal addresses, and purchase history. Dior asserted that account passwords and payment card information were not exposed or stored in a separate, unaffected database.”
In terms of the wider implications for the sector, Sood expresses the view: “A cyberattack targeting a fashion brand like Dior highlights how the luxury and retail sectors are increasingly in the crosshairs of cybercriminals. These brands hold valuable customer data, intellectual property, and supply chain information, making them attractive targets for ransomware, data breaches, or brand impersonation attacks. Beyond financial impact, such incidents can damage brand reputation and erode customer trust. The attack surface broadens as luxury brands expand their digital presence through e-commerce, influencer marketing, and global logistics.”
From this, lessons can be drawn. Sood advises: “This breach is a reminder of why organizations must adopt a proactive security strategy. This should include continuous monitoring, threat detection, access control, and resilience planning to reduce the attack surface.”
He additionally recommends: “By integrating incident response plans, backup strategies, and red team/blue team exercises, businesses can ensure rapid containment and recovery from potential threats while continuously refining their defences against evolving cyber risks.”
Nucor
With the Nucor incident, Sood has established: “Nucor Corporation, the U.S.’s largest steel producer, disclosed a cybersecurity incident in an 8-K filing submitted to the SEC earlier today. Although the full scope and actor behind the attack are unknown, the company was forced to temporarily suspend production at multiple locations and take portions of its networks offline as it implemented containment measures. It has now begun to restart them gradually.”
This presents a different risk framework from that of the Dior incident: “A cyberattack targeting Nucor underscores the growing threat to industrial control systems (ICS) and operational technology (OT) environments. Unlike traditional IT breaches, such attacks directly impact physical processes, leading to downtime, financial losses, and potential safety risks. Disruption in steel production can ripple through supply chains, affecting construction, automotive, and manufacturing sectors. These incidents often involve ransomware, targeted malware, or access through compromised third-party systems.”
There are also other measures for businesses to consider. Sood identifies these as: “This incident reminds us of the importance of implementing swift containment strategies, including network segmentation, virtual local area network (VLAN) quarantining, and zero-trust network access (ZTNA). Operational downtime can pose a significant risk in these types of attacks. These measures are critical in restricting attackers’ lateral movement once a breach occurs, limiting the impacts and minimizing downtime.”
