Pandora, the world’s largest jewelry brand by revenue, has confirmed it was the target of a cyberattack that exposed customer data. The Danish company, known for its charm bracelets and global retail presence, said the breach occurred via a third-party platform it uses for customer services.
The incident, first reported by Forbes, adds Pandora to an increasingly long list of luxury and high-street retailers affected by cybersecurity breaches in recent months.
In a service email titled “This is an important service email from Pandora regarding a personal data breach,” customers were informed that basic personal details (names and email addresses) had been accessed during the attack.
“We are writing to inform you that Pandora has experienced a cybersecurity attack, in which customer information was accessed through a third-party platform that we use,” the company wrote.
While Pandora confirmed that the attack has been contained, it offered limited technical detail. There’s no public evidence yet that the stolen data has appeared on leak sites, and the company maintains that more sensitive information remains secure.
“Only very common types of data were copied by the attacker, specifically name and email address,” the email said. “We’d like to stress that no passwords, credit card details, or similar confidential data was involved in this incident.”
That’s small comfort in a year that has seen luxury brands in the crosshairs of sophisticated cybercriminals. Dior, Chanel, and Harrods have all faced similar security events. In some cases, attackers have used lookalike domains, phishing campaigns, or third-party vulnerabilities to slip past defences.
This week, it was reported that Chanel was caught up in an attack involving a third-party logistics provider. Earlier this year, a breach at Cartier accessed customer data. Dior, Harrods, Marks & Spencer, and Co-op.
have also reported recent incidents.
Pandora says it has “carried out extensive checks” and has not found signs that the stolen data has been leaked or shared. Still, customers are being urged to remain cautious.
“We recommend that you pay extra attention to unusual emails and online activities prompting for your data as this could be phishing attempts from third parties pretending to be associated with Pandora,” the company said. “Do not click on links or download attachments from unknown parties.”
There is no mention of ransomware in Pandora’s statement, but the pattern fits a familiar story. Attackers seek any point of entry (be it a supplier, platform, or employee account) and use it to collect data or extort payment. The jewelry sector is a ripe target: valuable clientele, global operations, and complex supply chains make them compelling targets.
Pandora says it has since strengthened its security measures, though it hasn’t disclosed what changes have been made. The company expressed regret over the breach and pointed customers to its website for further information.
“Protecting your privacy is extremely important to us,” the company said. “While incidents like these have unfortunately become more common in recent years, especially among global companies, we take this matter very seriously.”
For now, customers are left watching their inboxes and wondering whether their details are circulating unseen. Retail giants are being tested. As the digital storefront becomes as vital as the glass one, brands will have to secure both with equal care.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.