Chanel

The luxury fashion brand Chanel announced a data breach affecting some of its customers in the United States. The breach involved unauthorized access to a US database hosted by a third-party service within Chanel's Salesforce environment. The exposed data included limited details such as names, email addresses, mailing addresses, and phone numbers of individuals who had contacted the US client care center. No malicious software was used, and daily operations were not affected. The breach was linked to a group of cybercriminals known as ShinyHunters, who used social engineering techniques like vishing to trick employees into revealing login details. Chanel promptly activated security procedures and engaged cybersecurity experts to investigate the incident.

Source: https://hackread.com/shinyhunters-target-chanel-salesforce-data-breach/

TPRM report: https://www.rankiteo.com/company/chanel

"id": "cha340080725",
"linkid": "chanel",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Subset of individuals who '
                                              'contacted the US client care '
                                              'center',
                        'industry': 'Fashion',
                        'location': 'United States',
                        'name': 'Chanel',
                        'type': 'Luxury Fashion Brand'}],
 'attack_vector': 'Social Engineering (Vishing)',
 'customer_advisories': 'Letter sent to affected clients',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Names, email '
                                                        'addresses, mailing '
                                                        'addresses, phone '
                                                        'numbers',
                 'sensitivity_of_data': 'Low to Moderate',
                 'type_of_data_compromised': 'Personal Information'},
 'date_detected': '2023-07-25',
 'description': 'The luxury fashion brand Chanel announced a data breach '
                'affecting some of its customers in the United States. The '
                'breach involved unauthorized access to a US database hosted '
                "by a third-party service, part of Chanel's Salesforce "
                'environment. The exposed data included names, email '
                'addresses, mailing addresses, and phone numbers of '
                'individuals who contacted the US client care center.',
 'impact': {'data_compromised': 'Names, email addresses, mailing addresses, '
                                'phone numbers',
            'identity_theft_risk': 'Low',
            'operational_impact': 'None reported',
            'payment_information_risk': 'None',
            'systems_affected': 'Salesforce database'},
 'initial_access_broker': {'entry_point': 'Vishing (Voice Phishing)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Social Engineering (Vishing)'},
 'references': [{'source': 'BleepingComputer'}],
 'response': {'communication_strategy': 'Letter to affected clients',
              'incident_response_plan_activated': 'Yes',
              'third_party_assistance': 'Leading cybersecurity experts'},
 'threat_actor': 'ShinyHunters',
 'title': 'Chanel Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Factor (Social Engineering)'}