Danish jewelry chain Pandora, which has 2,700 locations worldwide, recently announced that it had suffered a data breach in which the personal information of approximately 30,000 people was compromised. The compromised information included names, email addresses, phone numbers, home addresses and birth dates, which, although troubling, is not as bad as data breaches in which financial information or passwords are compromised. The data was stolen not from Pandora’s computer networks, but rather from Salesforce, a cloud-based customer relationship management (CRM) company used by Pandora and many other companies to manage their customer data. The cybercriminals managed to do this not by hacking Salesforce, but rather by using social engineering to trick Pandora employees into enabling access to the company’s Salesforce account containing its customer data. The cybercriminals in this case are a ransomware gang known as ShinyHunters, who have used similar social engineering attacks to gain access to the data of Allianz, Qantas, Louis Vuitton, Dior, Tiffany and even Google, among other companies.

Companies must do a better job of protecting themselves not just from technologically sophisticated cyberattacks, but also from less sophisticated, yet equally effective, social engineering attacks in which cybercriminals use psychology to manipulate employees into giving them access to important data.

TIPS

Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

Everyone also should monitor their credit reports regularly for indications of identity theft. The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own. Here is the only link to use to get your free credit reports: https://www.annualcreditreport.com/index.action
Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.
With data breaches so common, it is also important to limit the amount of personal information you provide any company to no more than what is absolutely necessary. Many companies ask for your Social Security number although they have no real need for that information. Avoid providing it whenever you can.
Finally, be wary of anyone who calls you purporting to help you in regard to the data breach and asks for personal information, as that is a favorite tactic of hackers to lure you into providing additional personal information that can lead to your becoming a victim of identity theft. Also, as always, never click on a link or download an attachment in an email or text message unless you have absolutely confirmed that it is legitimate, and don’t provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication is legitimate.
