Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People

Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider.

Data breach notification service Have I Been Pwned said approximately 197,400 unique email addresses were included in the leaked dataset.

The company said it had launched security protocols and notified the relevant authorities following the incident, Reuters reports.

It was reported that the data leak included customers’ email addresses, purchase history, order IDs, product information, and support ticket information. Inditex confirmed that passwords, payment card information, and physical addresses were not breached, and their internal operations and systems remained untouched.

BleepingComputer reports linked the incident to the ShinyHunters extortion group, which allegedly accessed the data through compromised authentication tokens connected to analytics provider Anodot.  

The group is believed to have leaked the information after unsuccessful extortion attempts.

Even though none of the financial information or passwords was compromised ...