Chanel Inc. reports data breach affecting U.S. clients
Learn More
Chanel Inc. is reporting a data breach involving unauthorized access to a customer database hosted by a third-party service provider.
The security incident was first detected on July 25, 2024, when Chanel became aware of unauthorized access to one of its databases in the United States. The compromised database was hosted by a third-party service provider and contained information related to customers who had contacted Chanel's client care center in the U.S.
Chanel engaged leading cybersecurity experts to support their investigation. The investigation indicates that attackers managed to access customer data. Exposed data includes:
- Names
- Email addresses
- Mailing addresses
- Phone numbers
The exact number of affected individuals has not been disclosed. The company stated the incident affected "a subset of individuals who contacted our client care center in the U.S."
The luxury fashion house reported the incident to its U.S. customers on Friday, 1st of August 2025
Update - as of 4th of August 2025, the breach is attributed to ShinyHunters Salesforce data theft campaign that uses voice phishing (vishing) techniques to compromise employee credentials and gain unauthorized system access. The attack involved ShinyHunters operatives impersonating IT support personnel in carefully orchestrated phone calls to targeted Chanel employees.
During these calls, the threat actors successfully convinced employees to visit Salesforce's connected application setup page and enter what they described as a "connection code." This malicious code linked a compromised version of Salesforce's Data Loader OAuth application to Chanel's Salesforce environment, sometimes disguised under names like "My Ticket Portal" to enhance credibility.
Chanel notified all affected customers via direct mail communication and established a dedicated customer service hotline for inquiries related to the breach. Salesforce has clarified that their platform infrastructure was not compromised in these attacks, stating that the security incidents resulted from social engineering targeting their customers and not any inherent vulnerability in the Salesforce platform.
