Tiffany & Co. Data Breach Exposes Personal Information of Its Customers

American luxury jewellery brand Tiffany & Co. said that the data security incident it suffered in May compromised the sensitive personal data of over 2,500 customers.

 

Owned by LVMH, the world’s largest luxury goods conglomerate, Tiffany & Co. is one of the world’s most prestigious houses for jewellery and accessories.

 

In a data security incident notice filed with the Office of Maine Attorney General, Tiffany said that on May 12, it was a victim of a data security incident involving unauthorised access to certain critical systems. The jewellery brand immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Based on our investigation, we determined on September 9, 2025, that, in connection with this issue, an unauthorised party obtained certain information related to your Tiffany gift card(s),” Tiffany said.

 

The compromised data included names, postal addresses, email addresses, phone numbers, sales data, internal client reference numbers, and Tiffany gift card numbers and PINs.  The filing with the Maine state regulator also states that Tiffany has identified at least 2,590 customers impacted by the incident.

 

Although Tiffany has not found any evidence that the compromised information has been misused, it is encouraging all affected individuals to stay alert. Individuals are advised to exercise caution with unexpected emails or phone calls, avoid sharing personal information in response to unsolicited messages or suspicious websites, and refrain from clicking on unknown links or downloading attachments from unfamiliar sources.

 

On May 26, Tiffany Korea emailed several customers notifying them of a data security incident. The breach occurred when an unauthorised threat actor gained access to a vendor platform the company used for managing customer data.

 

According to the email sent to affected customers, threat actors infiltrated the network of Tiffany’s vendor on April 8. After an investigation, the company determined on May 9, that the sensitive personal information of its customers including names, addresses, phone numbers, email addresses, internal customer ID numbers, and purchase history was exposed during the breach.