Overview
- The breach was traced to unauthorized access of a vendor platform connected to Pandora’s Salesforce database, part of a series of cloud-service attacks on retailers this year.
- Pandora discovered and halted the attack on August 5, strengthening defenses and conducting extensive system checks.
- Exposed data was confined to customer names, birthdates and email addresses, with no passwords or payment information compromised.
- Pandora reports no evidence that the stolen records have been published or sold and has launched an investigation into the vendor platform and perpetrators.
- Security specialists advise customers to enable two-factor authentication and remain vigilant for phishing attempts leveraging the leaked information.