South Korea’s Personal Information Protection Commission has fined the Korean units of Louis Vuitton, Christian Dior Couture, and Tiffany a combined 36 billion Korean won ($24.9 million) for customer data leaks. Louis Vuitton Korea received the heaviest penalty — 21.4 billion won ($14.8 million) — after an external actor hacked an employee device on three occasions, exposing data from approximately 3.6 million customers. Christian Dior Couture Korea was fined 12.2 billion won ($8.4 million) for a breach affecting 1.95 million users, while Tiffany Korea received a 2.4 billion won ($1.7 million) fine for a leak involving 4,600 users. Both the Dior and Tiffany breaches involved employees granting system access to malicious actors.

Related reading: Dior’s China data breach exposes elite clients