Pandora Pwned In Salesforce Related Attack
Another retailer suffered a cyberattack. Danish jewelry company Pandora sent emails to its customers informing them that their data might have been stolen.
Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks.
Pandora is one of the largest jewellery brands in the world, with 2,700 locations and over 37,000 employees.
“We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use,” reads a Pandora data breach notification sent to customers.
“We stopped the access and have further strengthened our security measures.”
As first reported by Forbes, only customers’ names, birthdates, and email addresses were stolen in the attack. Passwords, IDs, and financial information were not exposed.
Ignas Valancius, head of engineering at cybersecurity company NordPass, comments:
“This is not the first time this year that an attack was carried out by exploiting the weaknesses of third-party business partners. I don’t want to point fingers, but those cases are quite high profile and were discussed in the media. Actually, according to a Verizon report, around 30% of data breaches in 2025 involved third-party suppliers. You would think that large, experienced companies would learn from others’ mistakes and check their partners’ cybersecurity policies and practices. But apparently, it’s not the case.
“I know it’s not as easy as it sounds. Companies today use dozens or even hundreds of different vendors, from coffee suppliers to cloud providers and remote support desk services, which greatly increases the risk of being exposed through their system. We use quite a few third-party services ourselves. I know it takes time and effort to set security requirements for partners and verify their compliance, but discussing cybersecurity matters with them is a very healthy business exercise.
“If the news reports are accurate, Pandora customers should be in no immediate danger. Cybercriminals allegedly were able to access only names and email addresses. Passwords and credit card details were not disclosed. However, people should be vigilant, as such breaches are often followed by phishing attacks. Don’t fall into the trap and start clicking jewelry discount links you suddenly receive. Carefully read the addresses from which you receive emails and do not click on links in unsolicited communication – it’s better to go to the website directly. I also highly recommend turning on multi-factor authentication.”
Here’s a quick primer on the ongoing Salesforce attacks that are mentioned in the article.
This highlights the fact that companies need to do a much better job of stopping attacks like this. It’s a lot of effort, but it’s well worth it to not be Pandora.
This entry was posted on August 6, 2025 at 8:54 am and is filed under Commentary with tags Hacked.