The iconic luxury jeweler Tiffany & Co. has confirmed a data breach that exposed the personal information and gift card numbers of more than 2,500 customers, potentially allowing attackers to spend stolen funds on the company’s own high-end merchandise.
Attackers Breached Tiffany’s Systems in May
According to a data breach notification filed with the Maine Attorney General’s Office, attackers gained unauthorized access to Tiffany’s systems in early May 2025. The breach was discovered shortly afterward, prompting Tiffany’s to engage an external cybersecurity firm to investigate the incident and assess the scope of the compromise.
The company’s notification revealed that the attack exposed a range of sensitive customer data, including:
- Names
- Physical addresses
- Email addresses
- Phone numbers
- Sales data
- Client reference numbers
- Tiffany’s gift card numbers and PINs
The inclusion of gift card details is particularly concerning, as these cards represent real monetary value and can be used to purchase luxury jewelry or other goods. Worse still, because gift cards often bypass stricter fraud prevention controls, they remain a preferred target for cybercriminals who want to turn stolen data into untraceable goods and services.
Elevated Risk of Fraud and Phishing
Tiffany’s warned affected customers to be cautious about possible phishing attacks. Cybercriminals could impersonate the jeweler in emails or phone calls, tricking victims into sharing additional information such as credit card details or account credentials.
“We take the security of your personal information seriously and are alerting you about this issue so you can take steps to help protect your information,” Tiffany’s stated in its notice to customers. “To date, we have no evidence of harm or further misuse of the affected data in connection with the incident.”
The company has not disclosed whether any fraudulent transactions have been detected using the stolen gift card numbers but has urged customers to monitor their accounts and report any suspicious activity.
A Pattern of Breaches in the Luxury Sector
This is not Tiffany’s first data security challenge in 2025. In late May, its South Korean division confirmed that a third-party vendor breach had exposed customer data. Interestingly, Tiffany’s was the second luxury house owned by parent company Louis Vuitton Moët Hennessy (LVMH) to be affected in the country, following Dior’s own disclosure of a customer data exposure.
The luxury industry appears to be facing increased attention from cybercriminals. Earlier this week, Kering — the French fashion powerhouse behind Gucci, Balenciaga, and Alexander McQueen — confirmed a major breach that resulted in the theft of 7.4 million files of customer data. These incidents collectively underline the growing risks facing luxury retailers, whose clientele represent lucrative targets for financially motivated attackers.
Tiffany’s Place in the Luxury Market
Headquartered on Fifth Avenue in Manhattan, Tiffany’s is one of the most recognized luxury jewelry brands worldwide. The company was acquired by LVMH in 2021 in a deal valued at nearly $16 billion. Before the acquisition, Tiffany’s had reported annual revenue exceeding $4 billion while still listed on the New York Stock Exchange.
Given Tiffany’s global reputation and its affluent customer base, breaches like this raise significant concerns — not only about financial losses but also about potential reputational damage. The company has not publicly stated whether it will offer credit monitoring or identity theft protection to affected clients.
