
Chanel Inc. informed its customers Friday morning about a data security breach at the U.S. company.
In a letter to clients, Chanel said that on July 25, Chanel became aware of a security incident involving a Chanel Inc. database in the U.S. hosted by a third-party service provider, “where an unauthorized external party accessed and obtained some of the client data we hold.”
A Chanel spokeswoman confirmed the security incident Friday and said, “The investigation indicates that there was unauthorized access to this database. There was no malware deployed to our systems, and our operations remain unaffected.” She said upon detecting the issue, the company immediately activated their incident response protocols and engaged leading cybersecurity experts to support their investigation.
“Based on the findings of the investigation, the data obtained by the unauthorized external party contained limited details of a subset of individuals who contacted our client care center in the U.S. —specifically name, email address, mailing address and phone number. No other information was contained in the database. The clients affected have been informed,” said the spokeswoman.
When asked how many people were impacted, she said the incident affected one Chanel Inc. database in the U.S., which contained the information of individuals who contacted Chanel’s client care center in the U.S.
As a precaution, Chanel recommended to its clients that they remain vigilant for suspicious phone calls, emails or other unsolicited communications. They are also advising clients to never open attachments or click on links from unknown senders, or to disclose sensitive information to these sources. “Chanel will never reach out to you for your password or sensitive information, or send you links to identify yourself, through unsolicited emails, messages or phone calls,” said Chanel in the email.
In the letter to clients, Chanel said it “sincerely apologized for this incident and would like to assure you that Chanel takes the protection of our client data extremely seriously.” The company included a dedicated hotline in the letter for any questions.
“We continue to serve our clients without interruption. Data security and the privacy of our clients are of the utmost importance for Chanel, and we have dedicated significant resources to responding to the situation,” said the Chanel spokeswoman.
Retail-related cybersecurity attacks have become a growing problem in the industry. As reported, a report from KnowBe4 in March said there is a 56 percent spike in retail cyberattacks driven by phishing and AI. “This puts retail in the top five industries targeted by cybercriminals,” the report said. It noted that the average cost of a single retail data breach “reached $3.48 million in 2024,” representing an 18 percent increase from 2023.
In June, The North Face warned its customers not to recycle login information on its customer accounts, following a cyberattack on its site in April that used a technique called “credential stuffing.” An attacker had launched a “small-scale” credential stuffing attack” using email addresses/usernames and passwords stolen from another source, such as a breach of a different company or website, to gain unauthorized access to user accounts, as reported.
In May, Adidas said it had a cyberattack in which an “unauthorized third party” obtained some consumer data — but not any passwords, credit cards or an other payment-related information — through a third-party customer provider. The same month, Victoria’s Secret’s e-commerce site was down for a few days as it addressed a security incident. The breach also resulted in a delay of its first-quarter earnings report. And fashion firms overseas — Harrods, Marks & Spencer and the Co-op Group in the U.K. —in May also saw hackers targeting their online operations.
Dior confirmed in May that it was impacted by a data breach involving its Chinese customer base. The breach occurred in January 2025, but wasn’t discovered until May.
#Chanel #Reports #Data #Break #Impacting #U.S #Client #Database #Rising #Retail #Cyberattacks