Our resources provide the essential tools, guides, and insights to help your business stay ahead of data privacy regulations. From practical templates to expert articles, we ensure you have everything you need to navigate compliance with confidence.
Last Updated: 2025-08-05 ~ DPDP Consultants
In a disturbing turn of events for the luxury fashion world, French powerhouse Chanel has confirmed a data breach tied to a wider pattern of attacks targeting Salesforce customers. The breach, which came to light on July 25, marks the latest in a string of sophisticated cyberattacks aimed at extracting sensitive customer information from high-profile global brands.
According to an official statement first reported by WWD,
Chanel discovered that unauthorized actors had accessed a customer service
database managed by a third-party provider. The data breach impacted customers
in the United States and exposed personal contact details, including names,
email addresses, phone numbers, and mailing addresses.
The company has emphasized that no financial or highly
sensitive data was compromised, and that only individuals who had contacted
Chanel’s U.S. client care center were affected. All impacted individuals have
reportedly been notified.
While Chanel has remained tight-lipped about the identity of
the third-party service provider involved, sources familiar with the incident
told Bleeping Computer that the stolen data was linked to the company’s
Salesforce instance. This places Chanel among a growing list of elite brands
compromised in what cybersecurity experts are calling a highly coordinated
campaign of social engineering attacks.
Cybersecurity firm Mandiant has attributed the breaches to a
group known as Shiny Hunters, which has been employing vishing—voice
phishing—techniques to manipulate employees into either revealing credentials
or authorizing malicious OAuth apps connected to their organization’s
Salesforce platform. Once access is granted, attackers are able to exfiltrate
customer data and initiate extortion attempts.
Salesforce, for its part, has been quick to distance itself
from the breach. In a statement provided to Bleeping Computer, the
company made it clear that the platform itself has not been compromised.
Rather, attackers are exploiting human vulnerabilities, such as falling for
phishing scams or failing to enforce basic cybersecurity practices.
“Salesforce has not been compromised, and the issues
described are not due to any known vulnerability in our platform,” the company
stated. “We continue to encourage all customers to follow security best
practices, including enabling multi-factor authentication (MFA), enforcing the
principle of least privilege, and carefully managing connected applications.”
The breach at Chanel is part of a broader attack wave that
has also affected other global heavyweights like Adidas, Qantas, Allianz Life,
and several luxury brands under LVMH, including Louis Vuitton, Dior, and
Tiffany & Co.
Interestingly, despite the growing list of affected
organizations, the stolen data has not yet surfaced publicly. Instead,
Shiny Hunters appears to be using the stolen information as leverage in direct
extortion campaigns, conducted primarily via email.
The unfolding wave of attacks underscores the growing
challenges companies face in defending against social engineering, even when
using robust platforms like Salesforce. For organizations that handle sensitive
customer data, the lesson is clear—technology alone cannot safeguard against
threats if human error remains an easy point of entry.
With more companies expected to disclose similar breaches in
the coming weeks, the spotlight remains on corporate cybersecurity practices
and the critical role of employee awareness in preventing future attacks.
Stay with us for updates on: DPDP
Consultants Newsletter
Similar Read
