Jewelry giant Pandora has confirmed it was the victim of a cyberattack that exposed customer data, the latest in a series of high-profile retail sector breaches. The company disclosed in a letter to affected customers that the breach occurred not through its core systems, but through a third-party platform it uses for customer engagement and services.
While the company has not publicly named the vendor, multiple security reports suggest the breach is connected to an ongoing campaign by the cybercriminal group ShinyHunters, which has been targeting customer relationship management (CRM) platforms, including Salesforce, used by several other luxury brands.
Pandora assured customers that the compromised data was limited to “very common types,” specifically names and email addresses. The company stated that no passwords, credit card details, or other confidential financial information were accessed during the incident. While this may seem a minor detail, cybersecurity experts have warned that even this basic information is a valuable asset to attackers. Stolen names and email addresses can be used to launch highly convincing phishing attacks, where criminals impersonate Pandora to trick customers into revealing more sensitive data, such as login credentials or credit card numbers.
The breach at Pandora follows similar incidents at other major retailers, including Chanel, Marks & Spencer, and Co-op, highlighting a growing vulnerability in the retail industry’s reliance on complex digital ecosystems and third-party vendors. Security experts emphasize that an organization’s cybersecurity is only as strong as its weakest link, and third-party relationships often present a significant attack surface for cybercriminals.
Pandora has stated that the attack has been contained and that it has “further strengthened” its security measures. The company is advising customers to be extremely vigilant of any suspicious emails or online activities and to avoid clicking on links or downloading attachments from unknown sources. Customers are also encouraged to use strong, unique passwords for their online accounts and to enable multi-factor authentication whenever possible.
The incident is a sobering reminder for both businesses and consumers of the evolving nature of cyber threats. As attackers increasingly shift their focus from direct system disruption to stealthy data exfiltration via supply chain vulnerabilities, companies must prioritize continuous monitoring and robust security protocols across their entire network of vendors. For consumers, the message is clear: even if a company’s main systems are secure, your data may still be at risk.
![Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]](https://sumtrix.com/wp-content/uploads/2025/06/30-12-120x86.jpg "Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]")
