"According to the notification sent out to impacted individuals, a threat actor gained unauthorized access to Tiffany systems on or around May 12, 2025. An investigation revealed that the attacker obtained information associated with Tiffany gift cards, including name, email address, postal address, phone number, sales data, gift card number, and PIN. The luxury goods company informed the Maine Attorney General's Office that more than 2,500 individuals are impacted by the data breach. It's unclear if that number includes the affected Canadian customers."
"Several LVMH brands, including Louis Vuitton, Dior and Tiffany, were caught in a recent campaign conducted by the cybercrime group Scattered Spider, which targeted data from the Salesforce instances of many major companies. It's unclear if the Tiffany breach disclosed this week is related to the Salesforce attacks or if it's a second, unrelated intrusion. It's worth noting that in most cases the companies hit by the Salesforce hacks mentioned in their disclosures that the incident involved a third-party system."
Tiffany and Company notified U.S. and Canadian customers that hackers stole personal information following unauthorized access to its systems on or around May 12, 2025. The attacker obtained data tied to Tiffany gift cards, including customer names, email and postal addresses, phone numbers, sales data, gift card numbers, and PINs. The company informed the Maine Attorney General's Office that more than 2,500 individuals were impacted, though it is unclear whether that count includes Canadian customers. Tiffany is part of LVMH; several LVMH brands were targeted by the cybercrime group Scattered Spider via Salesforce instances. Tiffany's disclosure indicates access to its own systems and does not mention a third-party service.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]