Pandora, the world-renowned jewellery brand, has revealed that a cyberattack on a third-party service provider led to the exposure of customer data. Although no payment or password information was compromised, the leak has sparked concern among shoppers and cybersecurity experts alike.
How the Breach Happened
The data breach was not caused by a direct attack on Pandora’s own systems. Instead, cybercriminals gained access through one of Pandora’s third-party vendors. These external platforms often help companies manage services such as marketing or customer engagement — but can also become backdoors if not properly secured. Pandora was quick to point out that their core systems remained untouched. However, the breach allowed attackers to access customer names, birth dates, email addresses, and phone numbers.
What Data Was Stolen — And What Wasn’t
According to Pandora, no passwords, credit card details, or other financial data were exposed. That said, the stolen personal information can still be misused — especially for phishing attempts or identity scams. Cybersecurity professionals warn that even basic information like an email address can be used to craft convincing fake messages that look like they come from trusted companies. In this case, scammers may pose as Pandora itself.
FCRF Launches India’s Premier Certified Data Protection Officer Program Aligned with DPDP Act
Pandora’s Response and Customer Advice
In a statement, Pandora said that the attack was quickly contained and that security measures have been strengthened. The company also launched a full investigation and is working closely with the third-party vendor involved. Customers were urged to be cautious of unexpected emails or messages claiming to be from Pandora. The company recommends not clicking on links or opening attachments in suspicious emails and encourages users to enable two-factor authentication and update any reused passwords. Pandora emphasized its commitment to customer privacy and has informed data protection authorities of the breach, as required by law.
The Bigger Picture: Why Third-Party Breaches Are Rising
Experts say that third-party data breaches are becoming more frequent across industries, including retail, finance, and healthcare. Similar attacks this year have affected other major UK retailers like Harrods and M&S. In many of these cases, attackers exploit vendors who have access to sensitive customer databases. As more brands outsource services, the pressure to vet and monitor third-party security is increasing. Consumers, meanwhile, are left hoping that companies are not only protecting their own systems — but also those they work with.