The Containment Era is here. →Explore

aviatrix logoAviatrix
Under Active Attack
Industry Category

Luxury Goods/Jewelry

Breach intelligence, attack campaigns, and threat reports targeting the Luxury Goods/Jewelry sector.

5 threat reports
Page 1 of 1

Explore Other Sectors

Accounting
Aerospace/Aviation
Agriculture
Airlines/Aviation
Animation
Apparel/Fashion
Architecture/Planning
Artificial Intelligence
Artificial Intelligence/Machine Learning
Arts/Crafts
Automotive
Aviation/Aerospace
Banking/Mortgage
Biotechnology/Greentech
Blockchain/Cryptocurrency
Broadcast Media
Broadcasting Media
Broadcasting/Media
Building Materials
Business Supplies/Equipment
Capital Markets/Hedge Fund/Private Equity
Chemical
Chemicals
Civic/Social Organization
Civil Engineering
Cloud Computing
Cloud Computing/SaaS
Cloud Services
Commercial Facilities
Commercial Real Estate
Computer Games
Computer Hardware
Computer Networking
Computer Software/Engineering
Computer/Network Security
Construction
Consulting
Consumer Electronics
Consumer Goods
Consumer Services
Cosmetics
Cosmetics
Critical Manufacturing
Cryptocurrencies
Customer Services
Cybersecurity
Dairy
Dating/Personal Services
Defense/Space
Design
E-Learning
Education Management
Electrical/Electronic Manufacturing
Emergency Services
Energy
Energy/Oil/Solar/Greentech
Entertainment/Movie Production
Environmental Services
Events Services
Facilities Services
Farming
Fashion/Apparel
Financial Services
Fine Art
Fishery
Food Production
Food/Beverages
Fortune 500 companies
Franchising
Fundraising
Gambling/Casinos
Gaming
Gaming/Casinos
Government Administration
Government Facilities
Government Relations
Graphic Design/Web Design
Health Care / Life Sciences
Higher Education/Acadamia
Hospitality
Human Resources/HR
Import/Export
Individual/Family Services
Industrial Automation
Information Services
Information Technology/IT
Insurance
International Affairs
International Trade/Development
Internet
Investment Banking/Venture
Investment Management/Hedge Fund/Private Equity
Judiciary
Law Enforcement
Law Practice/Law Firms
Legal Services
Legislative Office
Leisure/Travel
Logistics/Procurement
Luxury Goods/Jewelry
Machinery
Management Consulting
Manufacturing
Maritime
Marketing/Advertising/Sales
Mechanical or Industrial Engineering
Media Production
Medical Equipment
Medical Practice
Military Industry
Mining/Metals
Mobile
Museums/Institutions
Music
Newspapers/Journalism
Non-Profit/Volunteering
Oil/Energy/Solar/Greentech
Online Publishing
Outsourcing/Offshoring
Package/Freight Delivery
Parking
Pharmaceuticals
Philanthropy
Photography
Plastics
Political Organization
Primary/Secondary Education
Professional Training
Public Relations/PR
Public Safety
Publishing Industry
Railroad Manufacture
Real Estate/Mortgage
Recreational Facilities/Services
Religious Institutions
Renewables/Environment
Research Industry
Restaurants
Retail Industry
Robotics
Rural Healthcare
Security/Investigations
Semiconductors
Sporting Goods
Sports
Staffing/Recruiting
Supermarkets
Technology
Technology/IT
Telecommunications
Think Tanks
Toys and Games
Transportation
Travel/Tourism
Trucking/Freight
Utilities
Venture Capital/VC
Warehousing
Water and Wastewater
Water and Wastewater Systems
Water and Wastewater Treatment
Water, Waste, Steam, and Air Conditioning Services
Water/Wastewater Management
Water/Wastewater/Utilities
Wholesale
Wireless

Luxury Goods/Jewelry Threat Reports

Showing 15 / 5 reports
Seiko USA Website Defaced: Hackers Claim Customer Data Theft
Impact· HIGH
Retail Industry

Seiko USA Website Defaced: Hackers Claim Customer Data Theft

In April 2026, Seiko USA's website was defaced by attackers who claimed to have breached the company's Shopify backend, exfiltrating sensitive customer data including names, email addresses, phone numbers, order histories, and shipping information. The attackers demanded a ransom, threatening to publicly release the stolen data if their demands were not met. Seiko USA has not publicly confirmed the breach, and the defaced content has since been removed from the website. This incident underscores the growing trend of cybercriminals targeting e-commerce platforms to access customer data, highlighting the critical need for robust security measures and prompt incident response strategies to protect sensitive information and maintain customer trust.

2 months ago

Kill Chain

IC
Initial Compromise(medium)
PE
Privilege Escalation(medium)
LM
Lateral Movement(medium)
C&C
Command & Control(low)
E
Exfiltration(medium)
I
Impact(high)
Read Report
Sotheby’s 2025 Data Breach: Employee Financial Data Compromised
Impact· high
Fine Art

Sotheby’s 2025 Data Breach: Employee Financial Data Compromised

In July 2025, Sotheby's, the renowned international auction house, identified a significant cybersecurity breach in which an unknown threat actor exfiltrated sensitive employee information, including full names, Social Security numbers, and financial account details. The breach was discovered on July 24, 2025, and an internal investigation with data protection experts and law enforcement extended over two months to confirm the nature and scope of compromised data. Sotheby’s responded by notifying impacted employees and offering a year of free identity protection and credit monitoring services. No ransomware group claimed responsibility, and the number of affected individuals remains undisclosed. This incident underscores ongoing risks facing financial and high-value service sectors, especially from sophisticated attacks targeting personnel data for monetization and fraud. Organizations with sensitive employee or client financial data must act promptly as regulatory scrutiny tightens and attacks on high-net-worth entities continue to escalate.

5 months ago

Kill Chain

IC
Initial Compromise(medium)
PE
Privilege Escalation(low)
LM
Lateral Movement(low)
C&C
Command & Control(low)
E
Exfiltration(high)
I
Impact(high)
Read Report
Sotheby's 2025 Data Breach: When Sensitive Customer Information Goes Public
Impact· high
Fine Art

Sotheby's 2025 Data Breach: When Sensitive Customer Information Goes Public

In July 2025, Sotheby's, a leading global auction house, suffered a significant data breach in which threat actors exfiltrated sensitive customer data. Discovered on July 24, the breach resulted in the exposure of customers' full names, Social Security numbers, and financial account information. An internal investigation spanned two months, determining the scale and nature of the data affected and the impacted individuals, which included Maine and Rhode Island residents. While the number of victims remains undisclosed, Sotheby's began notifying those affected and offered complimentary identity protection and credit monitoring. No ransomware group has publicly claimed responsibility, and the attack’s vector remains unknown, but similar institutions have faced ransomware- and data-theft-related intrusions in recent years. This incident underscores the rising frequency and impact of data breaches targeting well-known, high-value companies, particularly those handling sensitive customer and financial information. It highlights pressing concerns around regulatory compliance, the need for comprehensive incident detection and response, and growing regulatory scrutiny of data protection practices in sectors beyond traditional financial services.

5 months ago

Kill Chain

IC
Initial Compromise(medium)
PE
Privilege Escalation(medium)
LM
Lateral Movement(low)
C&C
Command & Control(low)
E
Exfiltration(high)
I
Impact(high)
Read Report
Harrods Suffers Major Supply Chain Breach: 430,000 Customer Records Exposed in 2025
Impact· high
Retail Industry

Harrods Suffers Major Supply Chain Breach: 430,000 Customer Records Exposed in 2025

In September 2025, UK luxury retailer Harrods disclosed a major cybersecurity incident after attackers exploited a vulnerability in a third-party supplier, leading to the exposure of 430,000 e-commerce customer records. The breach, unrelated to earlier attacks by Scattered Spider, leveraged a supply chain vector similar to the widespread Salesloft OAuth attack, allowing data exfiltration from connected Salesforce environments. Compromised data included names, contact information, and internal marketing labels, but excluded financial data and passwords. Harrods responded by promptly notifying affected customers and authorities, while refusing to engage with extortion attempts by the threat actor. This incident illustrates the growing risk of supply chain compromise in the retail and e-commerce sector, where attackers increasingly exploit third-party platforms for large-scale data theft. As regulatory scrutiny intensifies and similar attacks proliferate, organizations must reevaluate supply chain security controls and customer notification protocols.

5 months ago

Kill Chain

IC
Initial Compromise(high)
PE
Privilege Escalation(medium)
LM
Lateral Movement(medium)
C&C
Command & Control(low)
E
Exfiltration(medium)
I
Impact(high)
Read Report
2025 Retail Salesforce Data Heist: Extortion Attack Exposes Cloud Security Gaps
Impact· medium
Retail Industry

2025 Retail Salesforce Data Heist: Extortion Attack Exposes Cloud Security Gaps

In mid-2025, a sophisticated data extortion campaign targeted high-end retail organizations leveraging Salesforce environments. Threat actors—identified as UNC6040 (responsible for access and reconnaissance) and Bling Libra (aka ShinyHunters, handling extortion)—gained initial access through voice-based phishing (vishing) techniques. After establishing a foothold, they conducted in-depth reconnaissance to collect sensitive customer data, including names, birthdates, contact details, and account metadata, which was then exfiltrated. The attackers threatened public disclosure unless the victim organizations paid a ransom, all while leaving minimal forensic traces due to a lack of malware deployment and custom tools. This incident highlights the increasing sophistication of financially motivated cybercrime operations and an industry-wide shift towards data theft extortion without ransomware. There is an urgent need for retail and cloud-reliant enterprises to reassess their security controls, as social engineering vectors bypass traditional perimeter defenses and regulatory scrutiny around cloud data protections intensifies.

5 months ago

Kill Chain

IC
Initial Compromise(high)
PE
Privilege Escalation(medium)
LM
Lateral Movement(medium)
C&C
Command & Control(medium)
E
Exfiltration(high)
I
Impact(medium)
Read Report
[ INCIDENT RESPONSE // UNDER ATTACK? ]

Stop Active Cloud Data Exfiltration

Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.

Under Attack

Looking for threats in a different sector?

Browse All Threat Reports