
Luxury jeweler Tiffany & Co. has disclosed a data breach that exposed customer information, including gift card details and associated PINs. The company confirmed the incident after completing a months-long investigation.
What was the scope of the attack?
Tiffany reported that an unauthorized party gained access to its systems on or around May 12, 2025. The intrusion was detected after suspicious activity triggered an internal review, leading to the involvement of external cybersecurity experts. On September 9, investigators confirmed that the breach specifically impacted data related to Tiffany’s customer gift cards. A total of 2,590 customers were affected.
What was stolen?
The compromised information includes customer names, postal addresses, email addresses, phone numbers, sales data, and internal client reference numbers. Most concerning, attackers stole gift card numbers and their corresponding PINs. Tiffany emphasized that not all data elements were exposed for every customer. The company also stated it has not found evidence of misuse of the stolen data so far.
What exploit was used?
The company has not disclosed the specific exploit or vulnerability that attackers leveraged. In line with common industry practice, this detail may have been withheld to prevent copycat attacks while remediation continues. Tiffany confirmed only that the attack was a “cybersecurity issue” affecting certain systems.
What has Tiffany done in response?
Tiffany launched an internal investigation supported by law enforcement and cybersecurity experts. The company has strengthened its system security and is notifying affected customers by mail. Clients are being urged to avoid suspicious emails, refrain from clicking unverified links, and monitor financial accounts and credit reports for irregularities.
What should customers do now?
Tiffany recommends that customers remain vigilant. U.S. law entitles individuals to one free credit report annually from each major credit bureau. Customers should use this provision to detect fraudulent activity early. A dedicated toll-free helpline has also been established, operating weekdays between 9:00 A.M. and 5:00 P.M. Eastern Time.
The bigger picture
Data breaches involving luxury brands underscore how attackers are increasingly targeting high-value customers and digital assets, such as gift cards. Gift cards are attractive to cybercriminals because they can be quickly monetized and laundered with minimal traceability.
For now, Tiffany & Co. faces the difficult task of restoring customer trust while strengthening its defenses against future attacks.