Pandora and Chanel Customer Data Leaked in Third-Party Breaches

A recent report by CPO has revealed that jewelry maker Pandora is dealing with fallout from a hacking campaign targeting customer relationship management platform Salesforce, which has impacted dozens of high-profile companies. The breach, which occurred when hackers accessed Pandora's customer data, resulted in the exposure of names and email addresses, but fortunately, credit cards, account passwords, and similar confidential data were not affected.

However, the report noted that the exposure of customer email addresses places them at risk of cyberattacks, such as password spraying and phishing. In response to this breach, Pandora has warned customers to stay on the lookout for suspicious emails or fraudsters trying to impersonate its employees in order to garner more useful information.

Chanel, meanwhile, is dealing with a data breach that stemmed from a third-party cloud-based management information system. In this attack, hackers accessed personal information for Chanel customers based in the U.S. Based on the findings of the investigation, the data obtained by the unauthorized external party contained limited details of a subset of individuals who contacted Chanel's client care center in the U.S.

The leaked info included customers' names, email addresses, mailing addresses, and phone numbers, but fortunately, no information that could be used to hack or steal from these customers was exposed. This breach highlights the importance of protecting customer data in a world where cyberattacks are becoming increasingly sophisticated.

A recent report by Verizon found that 30% of data breaches that happened during the year ending October 31, 2024, involved a third party, compared to 15% the previous year. As PYMNTS wrote earlier this year, this leaves companies facing a simple equation: more third-party connections plus more human error equals more opportunities for data breaches.

Philip Yannella, co-chair of the privacy, security and data protection practice at Blank Rome and author of "Cyber Litigation: Data Breach, Data Privacy & Digital Rights," 2025 edition, noted that data breaches are always the biggest danger, particularly for financial institutions. He also warned that companies will face a period where they will see more breaches - potentially more expensive breaches - until they can get their arms around how to deal with them.

"If you're a bank, you've got to worry quite a bit about your vendors," Yannella added. "The number of data breach lawsuits filed in 2021 was 400, but last year it rose to over 2,000. It's clear that companies need to take proactive steps to protect their customers' data and prevent these types of breaches from occurring in the first place."