Pandora, the renowned global jewellery brand, has confirmed a cyber attack that exposed certain customer data. The breach originated through a third-party platform and did not affect the company’s core internal systems. Customers were directly informed via email regarding the situation.
While critical financial or sensitive information remains intact, the incident compromised personal data including customer names, phone numbers, and email addresses. To mitigate any further risk, Pandora has stated that the attack has been contained, with security systems undergoing reinforcement.
Citing insights from Christoph C. Cemper, the founder of cybersecurity firm AIPRM, experts warn that even limited access to personal data can be exploited for more sophisticated scams. Cemper pointed out that compromised emails can lead to phishing attempts, where attackers mimic trusted companies and may engage customers to click on deceptive links or attachments, risking additional data theft or financial fraud.
In light of the breach, Pandora urged customers to remain cautious regarding unsolicited emails claiming to be from the company and recommended avoiding interactions with unknown senders. In an effort to enhance security, customers are advised to activate two-factor authentication for accounts linked to the exposed email addresses and to update any reused passwords to unique ones.
Alongside its customers, cybersecurity professionals believe it is crucial for businesses to prioritize the protection of customer information. Cemper noted that retailers must consider encrypting basic data such as names and emails, while also performing regular penetration testing to preemptively address vulnerabilities.
To further combat such cyber threats, he emphasized investments in AI-powered real-time threat detection systems. Identifying unusual traffic and data requests can significantly aid in curtailing breaches before escalation.
In concluding their communication, Pandora expressed grave concern over the increasing number of similar incidents affecting global businesses. They reaffirmed their commitment to data privacy and security in the face of growing challenges. The identity of the attackers remains uncertain, though speculation suggests the involvement of Scattered Spider, a group noted for targeting major retailers.