Pandora, the worldwide jewelry brand, has experienced a security breach resulting in the exposure of customer information.

Danish jewellery giant Pandora has disclosed a significant data breach that compromised customer information through a third-party vendor platform. The company has begun notifying affected customers, starting with Italian markets, about the cybersecurity incident that resulted in unauthorized access to personal data. Key takeaways from the breach include a supply-chain attack via a third-party vendor that exposed customer names, phone numbers, and email addresses. Importantly, no passwords or payment data were accessed during the incident. While there are no signs of data leaks, customers have been warned to remain vigilant against potential phishing attempts.

The breach occurred through a supply chain attack, where threat actors gained access to customer data via a third-party service provider’s platform rather than directly targeting Pandora’s primary systems. This attack vector has become increasingly common as cybercriminals exploit the vulnerabilities created by vendor relationships and interconnected digital ecosystems. According to Pandora’s breach notification, the compromised Personally Identifiable Information (PII) includes customer names, phone numbers, and email addresses. The company has emphasised that no sensitive authentication credentials were accessed during the incident. Pandora’s Incident Response Team acted swiftly to contain the breach, implementing network segmentation and access controls to prevent further issues. The jewellery retailer is now conducting a comprehensive forensic analysis to determine the full scope of the compromise and has issued warnings about potential spear-phishing campaigns targeting affected customers.