In May, Tiffany & Co. confirmed a data breach affecting an unspecified number of customers in South Korea. Tiffany is one of LVMH Moët Hennessy Louis Vuitton’s 75 high-end brands in six different sectors. On May 26, Tiffany Korea emailed select customers to notify them of a cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data. The incident reportedly occurred on April 8, and although the vendor was not named, it seemed likely that this was part of the ShinyHunters Salesforce campaign tracked by Google’s Threat Intelligence Group as UNC6040.
Information provided by a knowledgeable source later informed DataBreaches that LVMH had told law enforcement that they had paid ShinyHunters 4 BTC in response to extortion demands made after attacks on some of its brands that included Dior and Tiffany.
Now Tiffany is reporting a breach involving Tiffany gift cards that affected 2,590 people.
In a notification letter sent to those affected and submitted to the Maine Attorney General’s Office, Tiffany writes that they experienced a cybersecurity incident on or around May 12, 2025.
“Based on our investigation, we determined on September 9, 2025, that, in connection with this issue, an unauthorized party obtained certain information related to your Tiffany gift card(s),” the letter states, adding, “The affected information included client name, postal address, email address, phone number, sales data, internal client reference number, and Tiffany gift card number and PIN.”
Not all of these data elements were affected for each impacted individual.
But was this latest incident report related to the one that affected Tiffany in South Korea or are these two separate incidents? They reportedly occurred more than one month apart. Were they both related to the ShinyHunters’ Salesforce campaign?
DataBreaches contacted ShinyHunters over Telegram to ask whether the Tiffany gift card breach was by ShinyHunters, and whether it was part of the same breach affecting Tiffany’s South Korean customers. ShinyHunters declined to comment.
DataBreaches emailed and called LVMH to request clarification as to whether the two reports were from one incident or two separate incidents and whether one or both incidents were part of the ShinyHunters Salesforce campaign. No reply has been received by this publication.
Update: According to the Globe and Mail, an unspecified number of Canadian residents were also notified of the breach. Apparently, they couldn’t get a response, either, from LVMH:
Tiffany & Co. and LVMH did not respond to multiple requests for comment about the scale of the breach or measures taken to protect customer data. A spokesperson for the Office of the Privacy Commissioner of Canada, Vito Pilieci, said it is aware of the incident and is “actively engaged” in ensuring that the company is taking the necessary steps to protect Canadians’ personal information.