Cartier Data Breach
Cartier Luxury Jeweler Breach (Salesforce, 2025): 45 Million Customer Email Addresses Exposed
Luxury jewelry and watch manufacturer.
Risk Interpretation
Exposure enables phishing, fraud, delivery impersonation, and targeting of high-net-worth customers. Jewelry and watch purchase data can also create physical-security concerns.
Impact & Downstream Threats
Cartier was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025, with customer email addresses published as part of the Salesforce campaign. Security researchers noted that Cartier's customer email list — representing verified purchasers of high-value jewelry and watches — constitutes an especially sensitive targeting list for social engineering, theft-related fraud, and high-value phishing campaigns. Cartier has not made detailed p
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
Cartier, the French luxury jewelry and watchmaker, was caught up in a broad attack campaign targeting Salesforce, the customer relationship management platform used by businesses worldwide. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and listed Cartier among roughly 39 organizations on its dark web leak site in October 2025. The group released a sample of stolen data on October 3, 2025, and announced plans to publish the full dataset on October 10, 2025. The breach affected an estimated 45.4 million customer records. The exposed data includes customer names, birthdates, country of residence, email addresses, and internal account identifiers. While financial details and physical addresses do not appear in the confirmed sample, the combination of real names, birthdates, and verified email addresses belonging to Cartier customers is particularly sensitive. Cartier's clientele are buyers of high-value jewelry and watches, making this list an attractive target for phishing, impersonation scams, and fraud schemes designed to exploit high-net-worth individuals. Cartier has not made detailed public statements about the scope of its exposure. No regulatory actions or formal breach notifications have been publicly confirmed as of the time of this report. Affected individuals should be alert to unsolicited emails purporting to be from Cartier or related luxury brands, treat any requests for account verification or payment information with caution, and be aware that their status as Cartier customers may itself be used as leverage in social engineering attempts.
About Cartier
Cartier is a French luxury jewelry and watchmaker founded in Paris in 1847, widely regarded as one of the world's most prestigious luxury brands. The company designs and sells jewelry, watches, accessories, and leather goods through a global network of boutiques and authorized retailers. Cartier is a subsidiary of Richemont, the Swiss luxury conglomerate, and operates independently within that group alongside brands including Van Cleef & Arpels, IWC, and Jaeger-LeCoultre.
Why They Hold Your Data
Luxury jewelry and watch brands collect customer identity, contact details, addresses, purchase histories, service records, and payment-adjacent data across retail and after-sales operations.
Recent Developments
Cartier has continued operating within the Richemont group through a period of variable luxury goods demand, particularly in the key Chinese market. Richemont has reported solid performance in its jewelry maisons division — which includes Cartier — relative to broader luxury market softness. The brand has invested in digital retail and clienteling tools as part of its customer engagement strategy.
Data Points Exposed
Canonical Fields
email_address
Dark Web Verification
- Dataset containing ~45.4M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: cartier-salesforce-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Cartier
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam