In an email sent to affected clients on Monday, the luxury brand revealed an “unauthorised third party” had accessed its internal systems, taking personal information from a client database including first and last names, gender, country, phone number, email address, postal address and date of birth.

But some customers received a separate email saying their passport numbers had been accessed as well.

A Melbourne woman told news.com.au her passport number was included in the breach because she had made a purchase at Louis Vuitton overseas and had to give the number in order to claim the VAT.

“I was actually quite shocked,” she said.

“I’ve been impacted by the Qantas breach and the Optus breach, but a passport number, it’s a critical form of ID for taking out credit, so it’s very concerning.”

The breach was first detected on July 2, and Louis Vuitton claims it acted immediately to block the hacker’s access and contain the incident.

“Technical measures were immediately taken to contain the incident after its occurrence, notably by blocking the unauthorised access,” the company wrote.

“Louis Vuitton teams are mobilised to co-operate with the competent authorities.”

But the woman who spoke to news.com.au was not satisfied with the company’s response.

“I was really disappointed they took 20 days to notify people. I think that’s a long time for your data to be floating around without your knowledge,” she said.

She said the Australian Passport Office had recommended she renew her passport, but when she contacted Louis Vuitton they refused to cover the $412 cost.

“I think they’re probably just hoping that it goes away.

“In terms of paying for people’s ID to be replaced, they should be following through.”

It comes after Optus agreed to cover driver license-replacement fees for customers caught up in the company’s massive data breach in 2022.

Customers in NSW and ACT had their fees reimbursed, while other states and territories waived the replacement cost.

The breach impacted about 10 million Aussies and exposed personal information including driver license and passport numbers, which are used to verify a person’s identity.

There has been a string of data breaches at Australian companies, raising questions about whether they should hold personal details in their databases, and how that information should be protected.

Last month, almost six million customers were also affected in a major breach at Qantas.

Names, emails, addresses, dates of birth and phone numbers were all accessed when one of the airline’s call centres in Manila was hacked.

In a statement, Louis Vuitton Australia said it “immediately began taking steps to investigate and contain this incident, supported by leading cybersecurity experts”.

“While our investigation is ongoing, we can confirm that no payment information was contained in the database accessed,” the company said.

“We are working to notify the relevant regulators and affected clients in line with applicable law.

“At Louis Vuitton, we truly value the trust our clients place in us and the confidential nature of our relationship. We sincerely regret any concern or inconvenience this situation may cause. “We continuously work to update our security measures to protect against the evolving threat landscape, and we have taken steps to further strengthen the protection of our systems.”