Luxury jewellery house Tiffany & Co. has disclosed that personal data and gift card information belonging to more than 2,500 customers were compromised in a cyber incident originating in May 2025. Legal filings with the Maine Attorney General’s Office describe that names, postal and email addresses, phone numbers, sales data, internal reference numbers, plus gift card numbers and PINs were accessed by an unauthorised party.
Tiffany determined on 9 September that an intrusion dated to on or around 12 May had resulted in the data exposure. The company says it has no proof yet that the extracted information has been misused. Affected clients were notified by mail starting 16 September.
This latest breach at Tiffany follows a data security incident involving a vendor platform used by Tiffany Korea, disclosed in May. That incident appears to have taken place on 8 April, when a threat actor gained access to a third-party vendor, exposing customer data including names, phone numbers, email addresses and purchase history. Whether that earlier incident is connected to the gift card disclosure has not been confirmed.
Hackers’ interest in gift card details can be high, since those provide immediate financial value and are harder to track than bank accounts. Exposed gift card PINs and numbers can be used for unauthorised purchases, resale or other illicit transactions. Even non-financial personal data can be leveraged for phishing, identity theft or other scams.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
