Customer information accessed through a third-party platform


Luxury jewellery brand Pandora has confirmed it was the victim of a cyberattack which exposed customer information, the latest high-profile incident in a growing wave of retail sector breaches.

In a letter sent to affected customers, the company disclosed that “some customer information was accessed through a third-party platform that we use.” The compromised data was described as “only very common types”, specifically names and email addresses. More sensitive details such as passwords or payment information were not stolen, according to Pandora.

“We want to reassure you that the attack has been stopped, and as a result we have further strengthened our security measures,” the company said, adding that it had not found evidence of the data being misused so far. Customers were nonetheless advised to be cautious of suspicious emails and avoid clicking on links or attachments from unknown sources.

ShinyHunters suspected

While Pandora has not publicly attributed the attack or disclosed the number of affected customers, reports from BleepingComputer suggest that the cybercriminal group ShinyHunters may be behind the breach. The group is believed to have infiltrated Pandora’s Salesforce environment using phishing and social engineering tactics, techniques it has allegedly been refining since January this year.

ShinyHunters has reportedly threatened a mass leak or sale of company data if ransom demands are not met.

Salesforce, however, denies that its platform was compromised. In a statement, the company said: “Salesforce has not been compromised and the issues described are not due to any known vulnerability in our platform.”

Earlier this week, French luxury brand Chanel confirmed a data breach suspected to be the result of a compromise of its Salesforce CRM by the ShinyHunters group.

Increasingly common retail attacks

Security experts have warned that incidents like Pandora’s are becoming alarmingly common in retail and that attackers are increasingly focused on data theft over disruption.

Darren Williams, founder and CEO of BlackFog, commented: “Pandora now joins the growing list of high‑profile victims, including Marks & Spencer, Co‑op and Harrods, highlighting how attackers are relentlessly targeting customer data across the retail sector.

“This incident reflects the clear shift in ransomware tactics toward stealthy data exfiltration. Rather than immediate disruption, attackers are quietly harvesting sensitive information to power extortion schemes, identity fraud and dark web trade, damage that often continues long after the initial compromise. With Q2 2025 seeing retail ransomware incidents surge 58% from the previous quarter, the sector has never faced greater pressure.”

Jon Tamplin, head of security at ThreatAware, echoed the concerns around seemingly “low-level” data being sufficient for further attacks:

“Pandora’s statement might have said that ‘only very common types of data’ have been stolen; however, names and email addresses are exactly what attackers need to carry out phishing attacks,” he said.