French luxury fashion house Chanel has become the latest high-profile victim in a series of data thefts targeting companies that use Salesforce, one of the world’s leading cloud-based customer relationship management platforms. The breach at Chanel was first detected on July 25, 2025, and has raised significant concerns about the security of sensitive customer data in the fashion and retail sector.
Details of the Breach
The attack specifically targeted a Chanel database hosted by a third-party service provider. According to the company, only U.S. customers who had contacted Chanel’s client care center were affected. Exposed information included names, email addresses, mailing addresses, and phone numbers. Importantly, Chanel emphasized that no financial data, such as credit card or bank account information, was compromised. Impacted customers have been notified, and the company has initiated appropriate response measures.
The Larger Attack Campaign
This incident is part of a broader campaign orchestrated by the ShinyHunters extortion group and has affected multiple major corporations. Other notable victims include Adidas, Qantas, Allianz Life, as well as prominent brands under the LVMH umbrella such as Louis Vuitton, Dior, and Tiffany & Co. The attackers have primarily relied on sophisticated social engineering tactics—most notably, vishing (voice phishing)—to breach organizations’ Salesforce accounts.
In many cases, cybercriminals impersonated IT staff, calling employees and persuading them to either approve a malicious OAuth app or install a tampered version of Salesforce’s Data Loader tool. By exploiting these human vulnerabilities, attackers gained extensive access to Salesforce environments, enabling them to exfiltrate large volumes of customer data. Stolen information has then been leveraged in extortion attempts, with demands typically sent via email. As of the latest reports, there has been no evidence that any of the stolen data has been published or leaked.
Salesforce Platform and Security Response
Salesforce has clarified that its core platform has not been compromised. The attackers’ strategies depended not on exploiting technical flaws in Salesforce itself, but rather on manipulating company employees through social engineering. This distinction underlines the importance of employee vigilance and comprehensive cybersecurity training.
