[Security News] Pandora, Chanel and more Suffers from Data Breach

Pandora Data Breach

6th August 2025

Pandora Suffers from Data Breach After Data Theft Attacks

Pandora, the Danish jewelry giant, recently confirmed a data breach. Attackers compromised customer names, birthdates, and email addresses through the company’s Salesforce environment, but they did not access sensitive financial data or passwords. However, the incident is part of a growing trend of Salesforce-targeted cyberattacks. Threat actors like ShinyHunters are behind many of these breaches where they use phishing and social engineering to steal credentials. They are known to exploit OAuth tokens for unauthorized access, exfiltrate customer databases and demand ransom. Unfortunately, several major brands have already been impacted by these tactics. Investigators suspect possible ties between ShinyHunters and Scattered Spider as both groups use similar attack techniques and target overlapping victims. However, no definitive link between them has been confirmed yet.

Source: Bleeping Computer, Dark Reading, Cyberdaily.au 

 

Chanel Under Data Breach Targeting U.S Customer Database

Chanel, the iconic French luxury brand, suffered a data breach affecting its U.S. customer database via a third-party provider.
The breach was linked specifically to its Salesforce environment and detected on July 25, 2025. Exposed data included names, email addresses, mailing addresses, and phone numbers of customers who contacted Chanel’s U.S. client care center.

The incident did not compromise any sensitive financial or authentication information, and experts believe the ShinyHunters extortion group carried out the attack. They used voice phishing and social engineering to capture employee credentials or deceive staff into approving malicious OAuth apps. This gave them unauthorized access to the Salesforce environments of Chanel and other global brands. Chanel launched incident response procedures immediately and notified impacted customers.
Salesforce confirmed that that attackers did not compromise its core platform.
They emphasized the rising threat of phishing and credential-based attacks targeting end users instead.

Source: CyberNews, Cyber Insider, SC Media

 

Aeroflot Major Cyberattack by Ukrainian and Belarusian Hacker Groups

Aeroflot, Russia’s main airline, suffered a major cyberattack in mid-2025 by Ukrainian and Belarusian hacker groups, resulting in over 100 flight cancellations and severe operational disruptions. The hackers claimed to have accessed Aeroflot’s systems for a year, compromised senior executives’ computers, destroyed thousands of servers, and leaked the CEO’s flight history. Security lapses, such as outdated systems and unchanged passwords, contributed to the breach, which led to significant data exposure, financial losses, and reputational damage.

Source: The Record, The Moscow Times, SC Media

 

Data Breach Costs Declined Globally But Raised in the U.S

According to IBM’s Cost of a Data Breach Report 2025, the global average cost of a data breach saw a 9% decrease to $4.44 million, marking the first decline in five years.

AI and automation have improved detection and containment capabilities, reducing the average time to identify and contain a breach to a nine-year low of 241 days. Conversely, the average breach costs in the United States increased by 9% to $10.2 million, influenced by higher regulatory fines and increased detection and escalation expenses. The report also found that attackers most commonly compromised customer personally identifiable information (PII), which occurred in 53% of breaches.

Source: Infosecurity Magazine, Security Week

 


 

Click here to subscribe our Newsletter

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D.AMO

Click here for inquiries regarding the partner system of Penta Security

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Click here for inquiries regarding the partner system of Cloudbric