In August 2025, Pandora, one of the world’s leading jewelry brands, confirmed it was the victim of a cyberattack that exposed customer data via a third-party platform. If you are a Pandora customer or interested in retail cybersecurity, here’s everything you need to know about what happened, its implications, and how to protect yourself against potential digital fraud linked to this incident.
What happened in the Pandora cyberattack?
Attack summary and official statement
- On August 5, 2025, Pandora notified its customers about a security breach related to a third party, identified as an external platform used for data management.
- The compromised information was limited to names, birth dates, and customer email addresses. No passwords, bank details, or credit card information were compromised.
- Pandora confirmed “the attack has been stopped” and that they have reinforced their security measures after conducting thorough technical reviews.
Has the information been leaked or is there a risk of further attacks?
- According to Pandora, there is no evidence to date that the data has been published, sold, or shared on dark web forums.
- Customers are advised to be extra vigilant with suspicious emails or impersonation attempts (phishing), as fraudulent messages posing as the brand may surface.
What was the root cause of the breach?
- All signs point to an issue with an “external third party” (with independent investigations suggesting a possible link to Salesforce), not a direct hack of Pandora’s core systems.
- The breach is attributed to the manipulation or exploitation of access linked to partner platforms, similar to the recent global wave of cyberattacks targeting companies in fashion and retail.
Highlight: Pandora has not reported being affected by ransomware, and has ruled out any loss of financial information or access credentials.
Advice for Pandora customers and security recommendations
- Check your inbox: Be suspicious of unexpected emails claiming to be from Pandora, especially those requesting additional information or containing suspicious links.
- Never share passwords or bank details in response to any unsolicited messages, even if they look official.
- Enable two-factor authentication on online services whenever possible to strengthen your security.
- Stay informed through Pandora’s official channels for updates or changes related to the incident.
Apolo Cybersecurity helps you stay safe after Pandora’s attack
The breach at Pandora underscores the importance of always staying alert to fraud attempts following high-profile breaches. At Apolo Cybersecurity, we help you detect and solve any exposure of your data, whether you shop online or are a user of major international brands.
- Keep a close watch on your accounts and email this week.
- Reject any unsolicited requests for confidential information.
- Consult reliable sources for further cybersecurity alerts and analyses of recent incidents.
- If you have questions about your digital protection, talk to certified experts.
Have you received suspicious messages after the Pandora breach, or want to improve your online data security?
📱 Contact Apolo Cybersecurity now to book your free digital profile review and receive personalized recommendations
%402x.svg){kind=icon}