A data breach on a third-party customer relationship management system has leaked personal information from European fashion retailers Pandora and Chanel.
The third-party data breach potentially stems from the Salesforce hacking campaign that began in April 2025 and has affected dozens of high-profile organizations.
Jewelry maker Pandora confirms apparent Salesforce data breach
Danish jewelry maker Pandora has begun notifying impacted individuals about the third-party data breach. It claims that the cyber incident leaked “very common types” of data, specifically names and email addresses.
However, it did not expose customers’ credit cards, account passwords, or “similar confidential data.”
While the data breach did not leak account login information such as passwords, the exposure of customers’ email addresses puts them at risk of various cyber attacks, such as password spraying and phishing.
Armed with the users’ email addresses, determined threat actors can leverage previous data breaches to match or crack leaked passwords.
Subsequently, Pandora advised its customers to remain vigilant for suspicious emails or activity by fraudsters attempting to impersonate its employees to obtain more useful information.
Impacted customers should also reset their account passwords using strong passphrases and enable multi-factor authentication to secure their accounts.
Meanwhile, Pandora has asserted that it has successfully terminated the threat actor’s access and strengthened its security measures.
It also claims that it has found no evidence that the stolen data has been published online after conducting extensive checks.
The luxury jewelry maker is also working with the impacted third-party vendor to investigate the data breach and implement the necessary security measures.
Chanel joins the list of compromised luxury fashion retailers
The Pandora data leak comes hot on the heels of the Chanel data breach that also stemmed from a third-party cloud-based management information system.
During the cyber attack, the threat actors accessed a subset of personal information for Chanel customers located in the United States.
“Based on the findings of the investigation, the data obtained by the unauthorised external party contained limited details of a subset of individuals who contacted our client care centre in the US,” the luxury fashion retailer stated.
Details leaked during the Chanel data breach included customers’ names, email addresses, mailing addresses, and phone numbers.
“Fortunately, no information that could be used to directly hack or steal from Chanel customers was leaked,” stated Paul Bischoff, Consumer Privacy Advocate at Comparitech. “Chanel customers should be on the lookout for targeted phishing messages in their email and texts from scammers posing as Chanel or a related company. Never click on links or attachments in unsolicited messages.”
Was Salesforce CRM involved in the Chanel and Pandora data breaches?
For now, the European fashion retailers have not disclosed the impacted SaaS application vendor or the implicated cyber extortion group.
However, the Salesforce customer relationship management (CRM) system was targeted by ShinyHunters, a threat group that has compromised numerous fashion retailers via voice phishing (vishing) attacks.
Salesforce lists both fashion retailers as its clients, suggesting that the data breach likely stemmed from its beleaguered CRM portal.
Other fashion retailers apparently affected by the Salesforce vishing data breach include Louis Vuitton, Tiffany & Co., Dior, their parent company LVMH, and German luxury retailer Adidas.
“The Pandora data breach is a stark reminder that retailers remain prime targets for cybercriminals,” said Dr. Darren Williams, Founder and CEO of BlackFog. “Pandora now joins the growing list of high-profile victims, including Marks & Spencer, Co-op, and Harrods, highlighting how attackers are relentlessly targeting customer data across the retail sector.”
Meanwhile, the Pandora and Chanel data breaches follow similar social engineering campaigns by the prolific ransomware group Scattered Spider that targeted European fashion retailers Marks & Spencer and Adidas. The widespread hacking campaign also impacted The Co-op, which also stocks fashion items.
Besides fashion retailers, the ShinyHunters’ voice phishing campaign has impacted other high-profile companies, including tech colossus Google, which admitted to leaking company information via the Salesforce CRM.
According to Google, those companies are now the target of phishing attacks leveraging the stolen information.
Nevertheless, the Salesforce vishing campaign is unrelated to any of the company’s product vulnerabilities. Instead, the threat actors trick employees into authorizing a rogue bulk data import OAuth application on their Salesforce portal.

