Pandora confirms customer data stolen in data breach
Pandora has become the latest retailer to fall victim to a cyber attack after a spate of companies were targeted earlier this year.
The premium jeweller confirmed the attack on August 5, telling customers that “some customer information was accessed through a third-party platform that we use”.
“Only very common types of data were copied by the attacker – specifically name, birthdate, and email address. We’d like to stress that no passwords, credit card details or similar confidential data were involved in this incident.”
The UK’s retail sector was bruised by a series of attacks earlier this year, with M&S, Harrods and The Co-op amongst those affected.
M&S estimated a £300m hit to annual profit from the attack, and warned customers that some data had been stolen in the attack.
The huge amounts of data retailers collect for advertising purposes, along with outdated security systems, have made them attractive targets for hackers.
In the race for convenience, scale and speed, retailers have too often under-invested in resilience.
Meanwhile, well-organised cyber groups, like the resurgent Scattered Spider, are exploiting the cracks.
Cyber expert Christoph Cemper warned customers to be alert to phishing email from Pandora.
“Phishing attacks, if successful, can allow hackers to steal vital information, or lead to financial loss if the user clicks any links or downloads malicious attachments,” he said.
Pandora has emphasised its desire to protect consumer data: “Protecting your privacy is extremely important to us. While incidents like these have unfortunately become more common in recent years, especially among global companies, we take this matter very seriously.”
Cemper, however, said there’s more retailers can do to protect customer data.
“It is crucial that companies employ effective detection tools which can monitor for suspicious activities… AI-driven threat detection is becoming more essential in identifying suspicious activity early on,” he said.