Inditex is strengthening its security measures following a data breach involving third-party vendors

Posted date 21/05/2026

21/05/2026

The security breach affecting Zara and Inditex was made public in April 2026. The incident was linked to the cybercriminal group ShinyHunters, known internationally for its involvement in massive data leaks and digital extortion campaigns. The first reports appeared in outlets such as Reuters and cybersecurity websites, which explained that the intrusion had not occurred directly within Zara’s internal systems, but rather through a third-party platform that stored information related to transactions and support services. Shortly thereafter, Inditex itself confirmed the incident and stated that it had activated its response protocols and notified the relevant authorities.
The incident involves the exposure of information belonging to approximately 197,000 customers, whose data was reportedly obtained by the attackers after they compromised systems associated with a technology provider. The affected data is said to include email addresses, order IDs, purchase histories, and certain operational information related to customer service. According to information released by the company and various cybersecurity researchers, login passwords and full banking details were not compromised. After detecting the intrusion, Inditex stated that it had strengthened security measures, restricted access to the affected systems, and launched a technical investigation to determine the actual scope of the attack. Additionally, the company initiated communication processes with regulatory authorities and potentially affected users.
Currently, the case continues to be monitored by cybersecurity experts and technology media, as some of the stolen information appears to have been published or used by ShinyHunters as a means of exerting pressure. Although the company maintains that its critical and financial systems were not directly compromised, the incident has reignited the debate over large companies’ reliance on third-party vendors and the need to strengthen data protection controls.

References

16/04/2026

www.reuters.com

Zara owner Inditex reports unauthorised access to transaction databases
08/05/2026

securityaffairs.com

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
08/05/2026

www.moncloa.com

Zara sufre brecha de datos: ShinyHunters expone 197.000 clientes tras ataque a proveedor tecnológico
08/05/2026

www.eleconomista.es

Zara sufre una filtración de datos que afecta a la información personal de más de 197.000 clientes
09/05/2026

www.cronista.com

Hackeo masivo en Zara | Robaron información sensible de este grupo de clientes durante un ciberataque

Etiquetas