Cyber Incident Victim: Luxury Brands Retailer in Latin America

On or around February 7, 2023, a threat actor listed a dataset allegedly containing customer information from Dorben Group, a retail partner for luxury brands including Valentino, Michael Kors, Creed, Carolina Herrera, and others across Latin America, on a hacker forum. The leaked database purportedly contained personal details of 790,000 customers, including full names, email addresses, phone numbers, and home addresses, with the data reportedly dating to September 2022. Cybernews researchers identified the listing but could not independently verify its authenticity. Dorben Group, which operates 70 stores in 10 countries through joint ventures and franchises, did not respond to requests for comment regarding the alleged breach. The company maintains offices in the United States, Brazil, Colombia, and the Dominican Republic, partnering with over 20 luxury brands and employing approximately 500 people.

The threat actor responsible for posting the dataset joined the forum in August 2022 and had no established reputation among other members, though they had previously listed dozens of other allegedly breached datasets from global organizations. While financial information was not explicitly mentioned in the Dorben leak, security researchers emphasized the risks posed by exposure of personal identifiers, including potential identity theft and targeted scams. The incident followed a pattern of high-profile breaches targeting major brands, including a February 2023 leak of 52,000 US Cellular customer records and a January 2023 incident involving Puma customer data, both attributed to different threat actors. No containment measures, forensic findings, or technical details about the intrusion method were disclosed by Dorben Group or its partner brands as of the article’s publication date. The lack of confirmed remediation actions or breach acknowledgments left the scope and validity of the incident unresolved in public reporting.