Jewelry retailer Pandora confirms third-party data breach, warns customers


Danish jewelry retailer Pandora has notified its customers about a data breach and the possibility that the attacker might abuse their information.

In an email sent out to potentially impacted customers on Tuesday, the company confirms the cyberattack on a third-party platform that Pandora uses.

Pandora didn't name the third-party platform, but says “some customer information” was accessed through it; according to the company, its own internal systems weren’t infiltrated.


According to the jewelry retailer, the cyberattack has already been stopped, and the company has strengthened its security measures. Pandora said that only “very common types of data were copied by the attacker.”


“We’d like to stress that no passwords, credit card details, or similar confidential data were involved in this incident,” said the company.

So far, it’s unknown whether the attack was ransomware-related, as such incidents often are. Pandora itself says in the email that it has checked extensively and cannot see “any evidence that this data has been shared or published” on, for instance, a data leak site.

Cybernews researchers took a look as well, and indeed, there's no information about the breach on data leak sites. However, Aras Nazarovas, Cybernews Senior Information Security Researcher, thinks that the data might still get posted in a few days.

"Besides, it's common for hackers to have some small, private circles or group chats where they share or sell such data, so even if it isn't publicly available, it might still be abused or sold," said Nazarovas.

To him, the incident doesn't actually look like ransomware, anyway: "It's more likely that a solo hacker dumped the two specific fields (name and email address) from a database they were able to access."


"It's also possible that the attackers breached a third-party email provider used by Pandora to send newsletters or promotions, similar to SendGrid or MailChimp," explained Nazarovas.


Pandora told Cybernews: "We can confirm that a data breach has occurred involving some customer information accessed through a third-party platform we use. Importantly, only basic data was affected, no sensitive or financial information was compromised. Our internal systems remain unaffected and are operating normally."

"While incidents like these have unfortunately become increasingly common across industries, particularly among global companies, we take this matter very seriously."

The culprit and the timeline of the incident are unknown so far, and Pandora told us it wouldn't be providing additional details. Still, Pandora asks for extra vigilance in its email to potentially impacted customers. It’s better to be safe than sorry, after all.


“As a precautionary measure, we recommend that you pay extra attention to unusual emails and online activities prompting for your data, as this could be phishing attempts from third parties pretending to be associated with Pandora,” the email says.

“Therefore, we recommend that you do not click on links or download attachments from unknown sources.”
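Pandora's advice stops at "pay attention". As an added example (not part of the Cybernews article or of Pandora's guidance), the script below performs the two checks a practitioner would actually run on a "confirm your details after the incident" email: whether the sender domain matches the brand named in the display name and the domains of every link in the body, and whether the Return-Path aligns with the From domain. The trusted domain `pandora.net`, the brand string, and both sample messages are assumptions constructed for this example. A Return-Path on a different domain is exactly what you see when mail goes out through a third-party newsletter provider, so it is reported as a low-severity note rather than a verdict.

```python
"""Triage checks for a breach-notification lookalike email.

Added example; not code from Pandora, Cybernews or any mail provider.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: the brand's legitimate sending domain(s)
# and the brand word that a lookalike sender would put in the display name.
TRUSTED_DOMAINS = {"pandora.net"}
BRAND = "pandora"

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
URL_RE = re.compile(r'https?://[^\s<>"\']+')


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Fine for .com/.net; a production
    tool should use the Public Suffix List so that co.uk etc. work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_address(header_value):
    """Registrable domain of the address in a From/Return-Path header."""
    _, addr = parseaddr(str(header_value or ""))
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


def link_domains(msg):
    """Registrable domains of every http(s) link in text and HTML parts."""
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        urls = HREF_RE.findall(body) if part.get_content_subtype() == "html" else []
        urls += URL_RE.findall(body)
        for url in urls:
            host = urlparse(url).hostname
            if host:
                found.add(registrable_domain(host))
    return found


def triage(raw):
    """Return {'high': [...], 'low': [...]} findings for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {"high": [], "low": []}
    from_dom = domain_of_address(msg.get("From", ""))
    rp_dom = domain_of_address(msg.get("Return-Path", ""))
    display_name = parseaddr(str(msg.get("From", "")))[0].lower()

    # Display name says "Pandora" but the address is not on a trusted domain.
    if BRAND in display_name and from_dom not in TRUSTED_DOMAINS:
        findings["high"].append(
            f"display name claims {BRAND!r} but sender domain is {from_dom}")
    # Any link that leaves the brand's domain is the actual phishing payload.
    for dom in sorted(link_domains(msg)):
        if dom not in TRUSTED_DOMAINS:
            findings["high"].append(f"link to untrusted domain: {dom}")
    # Envelope/From mismatch: normal for mail sent via an ESP, so only a note.
    if rp_dom and rp_dom != from_dom:
        findings["low"].append(
            f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    return findings


# Constructed sample: lookalike domain, link to the same lookalike domain.
PHISH = b"""\
Return-Path: <bounce@pandora-verify.com>
From: "Pandora Customer Care" <security@pandora-verify.com>
To: customer@example.com
Subject: Action required: confirm your account after the recent incident
Content-Type: text/html; charset="utf-8"

<html><body><p>Due to a security incident we must verify your details.</p>
<p><a href="https://pandora-verify.com/login">Confirm your details</a></p>
</body></html>
"""

# Constructed sample: genuine brand domain, but sent through a third-party
# mailer (hypothetical em.mailer.example), so only Return-Path differs.
LEGIT = b"""\
Return-Path: <bounces+123@em.mailer.example>
From: Pandora <news@pandora.net>
To: customer@example.com
Subject: New collection
Content-Type: text/plain; charset="utf-8"

See what is new: https://www.pandora.net/en/new-arrivals
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(raw))
```

Run it as-is and the lookalike message produces two high-severity findings (brand in display name on an untrusted domain, and a link to that domain), while the newsletter sent via a third-party mailer produces only the low-severity Return-Path note. Real mail would additionally be checked against SPF, DKIM and DMARC results from the receiving server's Authentication-Results header; this script deliberately works from the message alone.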

According to ransomware and data privacy expert Dr. Darren Williams, founder and CEO of cybersecurity company BlackFog, the Pandora breach is a stark reminder that retailers remain prime targets for cybercriminals who are "relentlessly" targeting customer data across the sector.


Indeed, Pandora is just the latest retailer to be hit by a cyberattack. Marks & Spencer (M&S), Harrods, and Co-op have all been dealing with data breaches recently.

The attack on M&S was the most serious, costing the firm about £300 million ($409 million) in lost operating profit. In July, British police arrested four people in connection with the M&S, Co-op, and Harrods cyberattacks.

"The incident reflects the clear shift in ransomware tactics toward stealthy data exfiltration. Rather than immediate disruption, attackers are quietly harvesting sensitive information to power extortion schemes, identity fraud, and dark web trade – damage that often continues long after the initial compromise," Williams told Cybernews.