Luxury jeweler Tiffany & Co. has confirmed a data breach that exposed the personal details and gift card information of more than 2,500 customers.
Attackers gained unauthorized access to the company’s systems in early May 2025, prompting an investigation led by an external cybersecurity firm. According to filings with the Maine Attorney General’s Office, the compromised data includes names, addresses, emails, phone numbers, sales records, client reference numbers, and gift card numbers with PINs.
Stolen gift card information is particularly valuable to cybercriminals, who can use it to purchase jewelry or resell it with minimal traceability. Beyond direct misuse, exposed customers also face risks such as phishing attempts, where attackers impersonate Tiffany & Co. to harvest additional personal or financial data.
In its notice to affected clients, the company said: “We take the security of your personal information seriously and are alerting you about this issue so you can take steps to help protect your information. To date, we have no evidence of harm or further misuse of the affected data in connection with the incident.”
This is not the first time Tiffany has dealt with data security incidents. Earlier this year, its South Korean branch confirmed a breach tied to a third-party vendor. The incident followed a similar disclosure from Dior, another luxury brand under the Louis Vuitton Moët Hennessy (LVMH) umbrella.
Luxury labels have increasingly been targeted by cyberattacks. Just days before Tiffany’s disclosure, French conglomerate Kering, which owns fashion brands Gucci, Balenciaga, and Alexander McQueen, reported a breach that exposed 7.4 million files of customer data.
Tiffany & Co., headquartered in New York and acquired by LVMH in 2021 for nearly $16 billion, remains one of the most iconic names in the luxury goods industry. The breach adds to growing concerns about the sector’s vulnerability to cybercrime.
Leave a Reply