Pandora has confirmed a cyberattack that resulted in customer names and email addresses being accessed via a third-party platform.
The Danish jewellery group said the incident has been contained and that no passwords, payment card details or other sensitive information were involved.
Details of the Breach
In notification emails sent to affected customers, Pandora stated: “We are writing to inform you that Pandora has experienced a cyber security attack, where some customer information was accessed through a third-party platform that we use. We want to reassure you that the attack has been stopped, and as a result we have further strengthened our security measures.”
The email added: “Only very common types of data were copied by the attacker – specifically name and email address. No passwords, credit card details, or similar confidential data was involved in this incident.”
Customers were also advised: “Therefore, we recommend that you do not click on links or download attachments from unknown sources” and to “pay extra attention to unusual emails and online activities prompting for your data as this could be phishing attempts from third parties pretending to be associated with Pandora.”
A Pandora spokesperson said: “Protecting our customers’ privacy is of the utmost importance to us. While incidents like these have unfortunately become increasingly common across industries, particularly among global companies, we take this matter very seriously. We are working closely with our supplier to investigate the incident thoroughly and to implement all necessary measures to ensure this does not happen again. Based on the current stage of investigation, we are confident that the attack has been contained.”
Reference to Salesforce
Pandora has not disclosed who was behind the attack. Technology news site BleepingComputer reported that the hacking group ShinyHunters had claimed responsibility and that the incident involved Pandora’s Salesforce database.
Salesforce said: “Salesforce has not been compromised, and the issues described are not due to any known vulnerability in our platform. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks.”
Wider Industry Context
The breach comes amid a rise in cyber incidents affecting both luxury and high street retailers. In the past year, Dior, Chanel, Harrods, Cartier and others have experienced similar events, often involving vulnerabilities in third-party systems.
Pandora said it has “carried out extensive checks” and “has not found signs that the stolen data has been leaked or shared.”
The company added: “Protecting your privacy is extremely important to us. While incidents like these have unfortunately become more common in recent years, especially among global companies, we take this matter very seriously.”
