Cyber Incident Victim: Pandora
Date:
Sep 2025
Location:
Denmark
Summary
Pandora confirmed a cyberattack in which attackers accessed a third‑party platform and obtained customer names and email addresses while no passwords, credit card details or other confidential data were compromised. The company said the breach has been contained, security measures have been strengthened, and internal investigations found no evidence that the data was leaked or misused.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Pandora, describing itself as the world’s largest jewelry brand, confirmed it fell victim to a cyberattack. The company disclosed that the attack involved access to a third‑party platform. According to Pandora, customer data was breached in the incident. The compromised information consisted of common data such as names and email addresses. Pandora emphasized that no passwords, credit card details, or other confidential data were accessed. The author of the Forbes article received an email from Pandora at 09:15 Eastern Time on the day of the announcement. In that email Pandora confirmed the cyberattack and provided details about its scope. The message stated that the breach had been contained. Pandora also noted that security measures had been strengthened following the detection. Customers were advised to remain alert for possible phishing attempts related to the incident.
A Pandora spokesperson spoke about the company’s response to the breach. The spokesperson said that protecting customer privacy remained a top priority. Extensive internal checks were conducted after the attack was discovered. Those checks found no evidence that any of the compromised data had been leaked or misused. The spokesperson reiterated that the incident had been fully contained. Pandora advised customers to stay vigilant against suspicious emails or online activities. The company reminded recipients to verify the authenticity of any communications purporting to be from Pandora. No further technical details about the attack vector or the third‑party platform were disclosed in the statement. Pandora indicated that it would continue to monitor its systems for any anomalous activity. The overall message from the company was one of transparency and reassurance to its customers.
The Forbes article noted that the incident was reported on August 5, 2025. It included an image caption crediting SOPA Images/LightRocket via Getty Images for the accompanying visual. The article’s author, Davey Winder, presented the information as a factual update from Pandora. No additional breaches or related incidents were mentioned in the source material. The narrative presented here is limited to the facts explicitly provided in the article. Any speculation about motives, attackers, or long‑term consequences is omitted because it is not supported by the source. The account concludes with the information that Pandora has strengthened its security posture after the event. Customers are left with the guidance that was communicated directly by the company in its notice. This completes the factual chronology of the Pandora cyberattack as described in the available source.