Overview

• The breach was traced to unauthorized access of a vendor platform connected to Pandora’s Salesforce database, part of a series of cloud-service attacks on retailers this year.
• Pandora discovered and halted the attack on August 5, strengthening defenses and conducting extensive system checks.
• Exposed data was confined to customer names, birthdates and email addresses, with no passwords or payment information compromised.
• Pandora reports no evidence that the stolen records have been published or sold and has launched an investigation into the vendor platform and perpetrators.
• Security specialists advise customers to enable two-factor authentication and remain vigilant for phishing attempts leveraging the leaked information.