Chanel Confirms US Customer Data Breach Linked to Salesforce Social Engineering Attacks

Chanel confirms a U.S.-based data breach from Salesforce social engineering attacks, exposing contact details amid a broader extortion campaign targeting global enterprise brands.

    Chanel, the iconic French fashion house, has confirmed that it suffered a data breach exposing customer contact information in the U.S., part of a broader wave of cyberattacks exploiting Salesforce accounts through social engineering.

    The breach, which Chanel identified on July 25, occurred via a third-party service provider hosting its Salesforce instance. While the luxury brand has not disclosed the vendor’s name publicly, sources have confirmed that the compromised database was tied to Salesforce—a popular customer relationship management (CRM) platform now targeted in a rising campaign by the ShinyHunters extortion group.

    Personal contact data of US customers accessed, but financial information remains secure

    In a statement to the media, Chanel clarified that the exposed information was limited to contact details of individuals who reached out to its U.S. client care center.

    “Based on the findings of the investigation, the data obtained by the unauthorized external party contained limited details of a subset of individuals who contacted our client care center in the U.S.—specifically name, email address, mailing address and phone number,” said a Chanel spokesperson.

    “No other information was contained in the database. The clients affected have been informed.”

    The breach has not impacted any financial data, login credentials, or broader global systems operated by Chanel.

    Social engineering attacks exploit Salesforce OAuth permissions

    The attack on Chanel is part of a coordinated effort targeting Salesforce customers through voice phishing (vishing) and malicious OAuth app authorizations. According to Mandiant, the attackers impersonate IT staff or trusted service representatives to trick employees into giving app permissions or credentials.

    Once they gain access, attackers extract CRM databases to use in extortion campaigns, demanding ransom before potential public disclosure.

    Salesforce itself emphasized that its platform has not been compromised:

    “Salesforce has not been compromised, and the issues described are not due to any known vulnerability in our platform,” the company said in a statement.

    “Customers play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks.”

    Salesforce urged all clients to enforce security best practices, including:

    • Enabling multi-factor authentication (MFA)
    • Enforcing the principle of least privilege
    • Closely managing third-party connected applications
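
One way to act on the "closely managing third-party connected applications" recommendation, given the attack chain described above (an app authorization obtained by phone, followed by CRM extraction). This is an added example, not code from Chanel, Salesforce or Mandiant; the event records, field names, allowlist, time window and row threshold are all constructed assumptions and do not reflect a real Salesforce log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names are hypothetical, not a real log schema.
EVENTS = [
    {"ts": "2025-01-15T09:00:00", "type": "oauth_authorize", "user": "alice", "app": "Approved Loader"},
    {"ts": "2025-01-15T09:05:00", "type": "api_query", "user": "alice", "app": "Approved Loader", "rows": 120000},
    {"ts": "2025-01-15T10:00:00", "type": "oauth_authorize", "user": "bob", "app": "My Ticket Portal"},
    {"ts": "2025-01-15T10:04:00", "type": "api_query", "user": "bob", "app": "My Ticket Portal", "rows": 40000},
    {"ts": "2025-01-15T10:09:00", "type": "api_query", "user": "bob", "app": "My Ticket Portal", "rows": 35000},
    {"ts": "2025-01-15T11:00:00", "type": "oauth_authorize", "user": "carol", "app": "Calendar Sync"},
    {"ts": "2025-01-15T11:02:00", "type": "api_query", "user": "carol", "app": "Calendar Sync", "rows": 15},
]

APPROVED_APPS = {"Approved Loader"}  # assumed allowlist maintained by the CRM admins
WINDOW = timedelta(hours=1)          # assumed correlation window after a grant
ROW_THRESHOLD = 50000                # assumed cutoff for a "bulk" read


def find_suspicious_grants(events, approved=APPROVED_APPS,
                           window=WINDOW, threshold=ROW_THRESHOLD):
    """Flag grants to apps outside the allowlist and total the rows each
    such app read for that user within `window` of the grant."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO 8601 sorts as text
    alerts = []
    for grant in events:
        if grant["type"] != "oauth_authorize" or grant["app"] in approved:
            continue
        start = datetime.fromisoformat(grant["ts"])
        rows = sum(
            e["rows"] for e in events
            if e["type"] == "api_query"
            and e["user"] == grant["user"]
            and e["app"] == grant["app"]
            and start <= datetime.fromisoformat(e["ts"]) <= start + window
        )
        alerts.append({
            "user": grant["user"],
            "app": grant["app"],
            "granted_at": grant["ts"],
            "rows_read": rows,
            # Unapproved grant alone needs review; bulk reads after it are urgent.
            "severity": "high" if rows >= threshold else "review",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_grants(EVENTS):
        print(alert)
```
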

    ShinyHunters campaign continues to target global brands using Salesforce

    The Chanel breach follows other high-profile incidents involving global brands tied to Salesforce data theft. Confirmed victims include:

    • Adidas
    • Qantas
    • Allianz Life
    • LVMH brands such as Louis Vuitton, Dior, and Tiffany & Co.

    While the full scope of the campaign remains unclear, ShinyHunters has been using the stolen data to extort companies via direct email rather than public data leaks—at least for now. Sources indicate that more victims may exist, but those incidents have yet to be confirmed or disclosed.

    Breach underscores risk of third-party platforms and social engineering

    The Chanel incident highlights the growing threat to enterprises relying on third-party cloud platforms and CRM systems for customer engagement. As attackers refine social engineering tactics, the risk moves beyond technical vulnerabilities to human decision points.

    Though no sensitive financial or credential data was compromised in Chanel’s case, the exposure of personal contact information still presents privacy and reputational challenges, particularly for luxury brands with high customer trust expectations.
