Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks.
Pandora is one of the largest jewellery brands in the world, with 2,700 locations and over 37,000 employees.
"We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use," reads a Pandora data breach notification sent to customers.
"We stopped the access and have further strengthened our security measures."
As first reported by Forbes, only customers' names, birthdates, and email addresses were stolen in the attack. Passwords, IDs, and financial information were not exposed.
Pandora data breach notification
Source: Reddit
While Pandora has not shared the name of the third-party platform, BleepingComputer has learned that the data was stolen from the company's Salesforce database.
Since at least January 2025, if not earlier, threat actors have been conducting social engineering and phishing campaigns targeting companies' employees and help desks.
These attacks are designed to steal Salesforce credentials or trick employees into authorizing a malicious OAuth application to their Salesforce account.
... continue reading