Zara Hit by ShinyHunters Data Breach Exposing 197K Customer Records Last month, global fashion retailer Zara was confirmed as a victim of a data breach linked to the cybercriminal group ShinyHunters. The incident resulted in the exposure of 197,000 unique email addresses, along with customer support records, product SKUs, and order IDs. According to reports, 60% of the leaked emails were already present in LinkedIn’s database, suggesting prior exposure in other breaches. The compromised data did not include financial information but could be leveraged for phishing or targeted attacks. ShinyHunters, known for selling stolen data on underground forums, has been linked to multiple high-profile breaches in recent years. The full extent of the breach’s impact remains under investigation, though the exposed records may increase risks for affected customers.

Mango, a global retail brand with over 2,500 stores across 120 markets, experienced a third-party data breach via an external marketing services provider. The incident exposed customer personal data, including first names, countries, postal codes, email addresses, and phone numbers. However, no financial data (e.g., banking details, credit card info, IDs, passports) or login credentials were compromised. The breach triggered notifications to affected customers, warning of potential phishing and social engineering risks. Authorities, including Spain’s Data Protection Agency (AEPD) and law enforcement, were informed. While Mango’s own infrastructure remained unaffected, the attack aligns with a recent wave of retail breaches linked to the ShinyHunters extortion group, which exfiltrates data and demands ransom under threat of public leaks. The company did not disclose the third-party vendor or the exact number of impacted customers.