Tiffany & Co. Data Breach — Gift Cards & Client Data Exposed CyberDudeBivash Authority Report (Long-Form Edition) Date: September 20, 2025 (IST)
Executive summary Tiffany & Co. has confirmed a cybersecurity incident that began on or around May 12, 2025 and was determined on September 9, 2025 to involve theft of customer information including gift card numbers and PINs for thousands of clients (U.S. and Canada). The company began mailing notification letters on September 16, 2025 ; a copy is posted by the Massachusetts AG and the incident also appears in the Maine Attorney General breach portal. The number of impacted people is approximately 2,500+ . Mass.gov +2 Mass.gov +2 Why this matters: Gift cards + PINs can be monetized rapidly (“card drain”), and the mix of names, addresses, emails, phone numbers, sales data, and client reference numbers enables targeted scams that look highly convincing. Cybernews Table of contents Incident at a glance Timeline with sources What data was exposed (and why it’s dangerous) How gift card draining works (criminal playbook) Risk to Tiffany clients ...