Pandora

Danish jewellery giant Pandora disclosed a significant data breach involving a third-party vendor platform. The breach exposed customer names, phone numbers, and email addresses, but no passwords or payment data were accessed. The incident was contained swiftly, with no evidence of data exfiltration or public distribution. Pandora has warned customers about potential phishing attempts and is conducting a forensic analysis to determine the full scope of the compromise.

Source: https://cybersecuritynews.com/pandora-hacked/

TPRM report: https://www.rankiteo.com/company/pandora-a-s

"id": "pan401080725",
"linkid": "pandora-a-s",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Jewelry',
                        'location': 'Denmark',
                        'name': 'Pandora',
                        'type': 'Company'}],
 'attack_vector': 'Supply Chain Attack',
 'customer_advisories': 'Warnings about potential spear-phishing campaigns',
 'data_breach': {'data_exfiltration': 'No evidence of data exfiltration',
                 'personally_identifiable_information': 'Customer names, phone '
                                                        'numbers, and email '
                                                        'addresses',
                 'sensitivity_of_data': 'Low (no passwords or payment data '
                                        'accessed)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'description': 'Danish jewellery giant Pandora has disclosed a significant '
                'data breach that compromised customer information through a '
                'third-party vendor platform.',
 'impact': {'brand_reputation_impact': 'Potential phishing risks and customer '
                                       'vigilance required',
            'data_compromised': 'Customer names, phone numbers, and email '
                                'addresses',
            'identity_theft_risk': 'Low (no sensitive authentication '
                                   'credentials accessed)',
            'payment_information_risk': 'None'},
 'initial_access_broker': {'entry_point': 'Third-party service provider’s '
                                          'platform'},
 'investigation_status': 'Ongoing forensic analysis',
 'recommendations': 'Implement robust zero-trust architecture and continuous '
                    'monitoring across all vendor relationships',
 'references': [{'source': 'RansomNews report on X'}],
 'response': {'communication_strategy': 'Customer notifications and advisories',
              'containment_measures': 'Network segmentation and access '
                                      'controls',
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'network_segmentation': True,
              'remediation_measures': 'Enhanced SIEM systems and additional '
                                      'EDR solutions'},
 'title': 'Pandora Data Breach via Third-Party Vendor',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Third-Party Vendor Vulnerability'}