Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor
Pandora, the global jewellery brand, confirmed today that it suffered a cyber attack that allowed unauthorised access to certain customer data. The company informed customers directly via email, explaining that the breach occurred through a third-party platform it uses, not its core internal systems.
While no financial or highly sensitive information was compromised, the breach still affected personal data, including names, phone numbers and email addresses. Pandora reassured customers that the attack has been contained and that its security systems have since been reinforced.
The company made it clear that passwords, credit card details and similar information were not part of the breach. Still, cybersecurity experts warn that even limited personal data can be used as a gateway for more targeted scams.
According to Christoph C. Cemper, founder of cybersecurity firm AIPRM, the exposed information leaves customers vulnerable to phishing attempts. “Attackers often use compromised emails to send fake messages that mimic trusted companies. Clicking on links or attachments in these emails could lead to data theft or financial fraud,” he said. Cemper emphasised the importance of not engaging with unknown senders and being wary of messages that request immediate action.
Pandora also advised customers to watch for suspicious emails pretending to be from the company. As a precaution, they recommend avoiding clicking links or downloading attachments from unknown sources.
For users concerned about their security, enabling two-factor authentication on accounts linked to the exposed email address is strongly recommended. Cemper also urged customers to change any reused passwords across different platforms to unique ones. Even though Pandora accounts weren’t directly affected in this way, bad actors often test known email-password combinations on multiple sites.
On the company side, experts say businesses must go further than just protecting financial data. “Retailers should encrypt even basic customer information like names and emails,” Cemper said. “It’s also important to carry out frequent penetration testing to find and fix vulnerabilities before attackers do.”
He also noted that companies should invest in real-time threat detection systems powered by AI, which can flag suspicious behaviour early. Monitoring traffic spikes or unusual data requests can help contain breaches before they spread.
Pandora concluded its message by acknowledging the growing frequency of such incidents and reiterated its commitment to privacy. “Attacks like these have unfortunately become more frequent in recent years, especially among global companies. We take this very seriously,” the company said.
While the worst may have been avoided this time, personal data should always be treated with caution. And for retailers, basic information is no longer too minor to protect. As to who is behind the breach, it is still unclear. However, fingers may be pointed at Scattered Spider, a group known for targeting retail giants globally. That said, it is too early to speculate.
