Pandora Acknowledges Data Breach Amid Ongoing Salesforce Data Theft Incidents

Danish jewellery giant Pandora has recently disclosed a data breach involving the theft of customer information amid ongoing Salesforce data theft attacks. As one of the largest jewellery brands globally, with 2,700 locations and over 37,000 employees, Pandora informed customers that their contact information was accessed by an unauthorised party through a third-party platform. The data breach notification revealed that only customers’ names, birthdates, and email addresses were compromised, while passwords, IDs, and financial information remained secure. Although Pandora did not specify the third-party platform involved, reports indicate that the data was extracted from the company’s Salesforce database.

Since at least January 2025, threat actors have been executing social engineering and phishing campaigns targeting employees and help desks to steal Salesforce credentials. These attacks aim to trick employees into authorising malicious OAuth applications, allowing attackers to download and extort the company’s Salesforce database. ShinyHunters, a known threat actor, has confirmed ongoing extortion efforts against various companies, including Adidas, Qantas, Allianz Life, and LVMH subsidiaries such as Louis Vuitton, Dior, and Tiffany & Co. Salesforce has stated that its platform has not been compromised and emphasised the importance of customers following security best practices, including enabling multi-factor authentication and managing connected applications carefully.