Cyber Incident Victim: Pandora
Date:
Nov 2025
Location:
Denmark
Summary
Pandora confirmed a cyberattack that accessed a third‑party platform and resulted in the copying of customer names and email addresses, while passwords, credit card details and other confidential data remained uncompromised. The breach was contained, security measures were strengthened, and the company stated that extensive checks found no evidence of data leakage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Pandora, which describes itself as the world’s largest jewelry brand, confirmed on August 5, 2025 that it had fallen victim to a cyberattack resulting in the breach of customer data. The confirmation was communicated via an email sent to recipients at 09:15 Eastern Time. In the message, Pandora acknowledged that unauthorized access had been obtained through a third‑party platform. The company characterized the incident as a security breach affecting its customers.
According to Pandora’s statement, the attackers were able to copy only common personal information such as names and email addresses. No passwords, credit card numbers, or other confidential data were compromised in the incident. The company emphasized that the accessed data did not include any sensitive financial or authentication details. This limitation was presented as a key factor in assessing the potential impact on affected individuals.
Pandora reported that the attack has been contained and that it has strengthened its security measures in response. A spokesperson for the company said that protecting customer privacy remains a priority and that extensive internal checks found no evidence of further data leakage. The firm indicated that it continues to monitor the situation and has taken steps to improve the security of its third‑party connections.