Tiffany and Company, the renowned luxury jewelry designer and retailer, has confirmed a data breach affecting 2,590 customers across the United States.
The breach, which involved unauthorized access to an external system, was first discovered on September 9, 2025, and traced back to a compromise that occurred on May 12, 2025.
According to Tiffany’s notification filed with the Maine Attorney General’s office, hackers exfiltrated personal identifiers, including names and other sensitive customer data.
Scope and Impact of the Breach
The breach notification submitted by Lisa Sotto, outside counsel at Hunton Andrews Kurth LLP, reveals that 2,590 individuals had their data exposed.
Of those affected, five were residents of Maine; Tiffany’s disclosure indicates that notifications to the Maine residents were delivered in writing on September 16, 2025.
No consumer reporting agencies were required to be informed, as the total Maine resident count did not exceed 1,000.
The compromised information consists of customer names combined with other personal identifiers.
Tiffany has not released specifics on exactly which types of identifiers were obtained, citing an ongoing criminal investigation.
Although Tiffany and Company did not offer identity theft protection services, the company assured customers in its breach notification letter that it is undertaking a thorough internal investigation and has engaged cybersecurity experts to fortify its external systems against future intrusions.
A copy of the notice sent to Maine residents is publicly accessible through the Maine Attorney General’s website.
Company Response and Remediation Measures
In its official statement, Tiffany emphasized that the security lapse was limited to an externally hosted system and did not affect its core retail platform or payment processing infrastructure.
The company noted that no financial account numbers, social security numbers, or payment card details were compromised in this incident.
Tiffany has proactively reset affected user accounts and mandated password changes for all customers who had logged into the compromised system.
To prevent similar incidents moving forward, Tiffany stated it is implementing multifactor authentication across all remote-access portals and expanding its network monitoring capabilities.
The company is also conducting a comprehensive review of third-party vendors to ensure compliance with its enhanced security policies.
Tiffany has urged all customers to remain vigilant for phishing attempts and to monitor their credit reports for any unusual activity.
Although no formal identity protection services have been offered, the company advises customers to take advantage of free credit monitoring tools available through consumer credit bureaus.
Tiffany has set up a dedicated support hotline at (212) 309-1223 for affected individuals seeking assistance or more details about the breach.
With this disclosure, Tiffany joins a growing list of luxury and retail brands grappling with sophisticated cyberattacks that target high-value customer data.
As investigations continue, Tiffany assures its clientele that protecting customer privacy remains its top priority and that it will provide updates as new information emerges.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The breach, which involved unauthorized access to an external system, was first discovered on September 9, 2025, and traced back to a compromise that occurred on May 12, 2025.){kind=link}