Chinese authorities have imposed an administrative penalty on Christian Dior's company in Shanghai for violating rules on data transmission, according to a government statement issued Tuesday.

Public security and cybersecurity departments launched an investigation after news reports in May said Dior customers in China had received text messages about a data leak.

Investigators found that the Shanghai unit transmitted customers' personal information to the luxury brand's headquarters in France without conducting a safety assessment of the outbound transfer, signing a standard contract, or obtaining certification for personal information protection, the statement said.

The company also failed to fully inform customers how their information would be processed overseas or obtain their individual consent before sending the data abroad, it said. In addition, it did not encrypt or de-identify the personal information it collected.

According to news reports, Dior sent Chinese customers text messages in May warning of a data breach. Online pictures of the messages show that on May 7 Dior discovered part of its customer data had been accessed by unauthorized personnel outside the company.

Dior said in the message it was investigating the incident, had taken measures in response, and reported it to regulators.

The government statement urged personal information handlers to learn from the case and strictly comply with the country's Personal Information Protection Law on processing and cross-border transfers of personal information.