Luxury Jeweler Tiffany Reports Data Breach Exposing User Personal Data

Luxury jeweler Tiffany and Company has confirmed a data breach that exposed the personal information of 2,590 customers.

The company discovered unauthorized access to an external system on September 9, 2025, but determined the incident first occurred on May 12, 2025.

Tiffany notified affected customers in writing on September 16, 2025, and filed a breach notification with Maine authorities, as required under state law.

Scope of the Breach

Tiffany and Company is a New York–based retailer specializing in luxury jewelry and high-end accessories.

The breach involved an external system that was hacked, allowing the intruder to acquire names or other personal identifiers in combination with additional customer data.

Although Tiffany has not confirmed the exact details of the additional information exposed, typical identifiers include mailing addresses, email addresses, and phone numbers.

In total, 2,590 individuals across the United States were affected, including five residents of Maine.

Under Maine law, companies reporting a breach that affects more than 1,000 state residents must also alert consumer reporting agencies.

However, because only five Maine residents were impacted, Tiffany was not required to engage credit bureaus.

The retailer has not identified any other state-based notifications within the past 12 months and has no earlier breach incidents to report.

Tiffany and Company retained outside counsel Hunton Andrews Kurth LLP to oversee the notification process.

Partner Lisa Sotto submitted the formal breach notice on behalf of Tiffany, providing state regulators with detailed information, including the company’s street address at 200 Fifth Avenue, New York, NY 10010, and contact information for further inquiries.

A copy of the notice sent to Maine residents is publicly available on the state attorney general’s website.

Affected customers began receiving written letters on September 16, 2025, advising them of the unauthorized access and the risk of potential misuse of their personal data.

Tiffany opted not to offer identity theft protection services, citing the nature of the information disclosed and an absence of evidence indicating misuse at this time.

Instead, the company has encouraged customers to monitor their account statements and credit reports and to remain vigilant against suspicious emails or calls.

In response to the breach, Tiffany and Company has launched a comprehensive security review of its systems.

The jeweler is collaborating with cybersecurity experts to strengthen defenses, conduct a full forensic investigation, and implement additional monitoring protocols.

The company has also reinforced its password policies and plans to adopt multi-factor authentication on all external access points.

Tiffany’s leadership emphasized its commitment to customer privacy and pledged full transparency as the investigation continues. The retailer will provide regular updates on its remediation efforts and any relevant findings.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.