
Industry - Data Breach

moderate, Anti-Privacy, Data Breach

Executive Summary

Hackers accessed databases belonging to a former technology provider of Spanish fashion retailer Zara, exposing personal information of approximately 197,000 customers including email addresses, purchase histories, geographic locations, and support ticket data. The ShinyHunters cybercrime gang claimed responsibility and leaked 140GB of stolen data, though Zara's parent company Inditex stated that names, phone numbers, addresses, passwords, and payment information were not compromised. The bre...

What Happened

In April 2026, hackers gained unauthorized access to databases hosted by a former technology provider for Spanish fashion retailer Zara, part of the Inditex Group. The ShinyHunters cybercrime gang claimed responsibility for the breach, allegedly using compromised Anodot authentication tokens to access BigQuery instances and leak 140GB of stolen data. According to Have I Been Pwned's analysis, the breach exposed information belonging to 197,400 customers, including unique email addresses, purchase histories, order IDs, product SKUs, geographic locations, and customer support ticket data.

Who Is Affected

Approximately 197,400 Zara customers across different international markets are affected by this breach. The exposed data includes their email addresses, shopping histories, and support interactions with the retailer. According to Inditex, the breach did not expose customers' names, phone numbers, physical addresses, passwords, or payment information such as bank card details.

Why It Matters

This incident demonstrates the privacy risks inherent in third-party vendor relationships, where retailers' customer data remains vulnerable even after switching providers. While the breach did not expose financial credentials, the combination of email addresses with detailed purchase histories and geographic data creates a profile that could be used for targeted phishing campaigns or sold to marketing entities. The involvement of ShinyHunters, a prolific extortion gang that has claimed responsibility for breaches at numerous major companies in recent months, suggests an escalating pattern of attacks exploiting authentication tokens and SSO vulnerabilities.

What You Should Do

If you are a Zara customer, monitor your email account for phishing attempts that reference your shopping history or attempt to impersonate Zara customer support. Be skeptical of unsolicited emails claiming to be from Zara, especially those requesting personal information or containing links. Check whether your email address appears in the breach by visiting Have I Been Pwned and searching for your email address. Consider using unique email addresses or email aliasing services for different retailers to help identify the source of future spam or phishing attempts.

Summary generated from verified sources and reviewed before publication.

Hackers accessed databases belonging to a former technology provider of Spanish... - Industry | PrivacyWire