"Tiffany writes that they experienced a cybersecurity incident on or around May 12, 2025. "Based on our investigation, we determined on September 9, 2025, that, in connection with this issue, an unauthorized party obtained certain information related to your Tiffany gift card(s)," the letter states, adding, "The affected information included client name, postal address, email address, phone number, sales data, internal client reference number, and Tiffany gift card number and PIN.""
"On May 26, Tiffany Korea emailed select customers to notify them of a cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data. The incident reportedly occurred on April 8, and although the vendor was not named, it seemed likely that this was part of the ShinyHunters Salesforce campaign tracked by Google's Threat Intelligence Group as UNC6040."
Tiffany experienced a cybersecurity incident in May involving unauthorized access to a vendor platform that affected customers in South Korea and appeared linked to the ShinyHunters Salesforce UNC6040 campaign. LVMH reportedly paid ShinyHunters 4 BTC after extortion demands following attacks on some brands. Tiffany later reported a separate gift card breach impacting 2,590 people, with the incident dated around May 12, 2025 and an investigation determination on September 9, 2025 that an unauthorized party obtained client details and gift card numbers and PINs. Not all data elements were affected for every individual. Questions remain whether the incidents are the same or related.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]