French luxury fashion brand Chanel has become the latest target in a series of data breaches linked to Salesforce, with the company confirming unauthorized access to a database that impacted U.S. customers. The breach was first reported on July 25 and has raised concerns over data security within the fashion industry.
According to Chanel, the breach involved limited personal information from customers who had interacted with their client care center. A company spokesperson stated that the data exposed included names, email addresses, mailing addresses, and phone numbers. Fortunately, no sensitive payment information was compromised. The affected clients have been notified about the incident.
This data breach appears to be part of a broader trend of attacks targeting Salesforce customers. The ShinyHunters extortion group has been identified as a key player behind these attacks, utilizing sophisticated social engineering tactics to gain access to corporate accounts. As part of this method, attackers conduct vishing attacks to manipulate employees into revealing credentials or authorizing malicious applications.
In a response to the incident, Salesforce has reassured its customers that its platform remains secure, and the breaches are primarily attributed to user actions rather than any vulnerabilities within the Salesforce system. The company emphasized the importance of following security best practices, such as enabling multi-factor authentication and managing connected applications. For further guidelines, customers can refer to Salesforce’s dedicated security resources.
Other brands such as Adidas, Qantas, Allianz Life, and LVMH, which includes Louis Vuitton and Dior, have also fallen victim to similar attacks, highlighting an alarming trend in data security within the retail and luxury sectors. The ongoing threat posed by groups like ShinyHunters showcases the need for organizations to continually review and enhance their cybersecurity measures.