Mango Customer Data Breach via Compromised Marketing Vendor
Spanish fashion retailer Mango experienced a data breach after one of its external marketing service providers was compromised, resulting in the exposure of customer information. The breach was discovered over the weekend and prompted Mango to immediately activate its security protocols to contain the incident. The compromised data included customers’ first names, countries, postal codes, email addresses, and phone numbers, but did not include last names, passwords, or financial information such as credit card or banking details. Mango emphasized that its own corporate infrastructure and IT systems were not affected by the breach, ensuring that business operations continued without disruption. The company notified affected customers via email, providing details about the nature of the breach and the specific data involved. Mango also reported the incident to the Spanish Data Protection Agency (AEPD) and other relevant authorities in compliance with regulatory requirements. The company established a dedicated email address and telephone hotline to support customers with concerns about the breach. Mango advised customers to remain vigilant for suspicious communications or requests for unusual actions, as the exposed data could be used in phishing attacks. The incident highlights the growing risk of supply chain attacks, where third-party vendors become the entry point for cybercriminals targeting large organizations. Mango’s swift response and transparency in communication were noted, as the company reassured customers that no sensitive financial or authentication data was compromised. The breach is part of a broader trend of cyberattacks targeting retailers and their supply chains, with other major brands in Spain and globally having faced similar incidents in recent months. Mango’s case underscores the importance of robust vendor risk management and the need for continuous monitoring of third-party partners. The company reiterated its commitment to data protection and announced plans to review and strengthen its security measures to prevent future incidents. Customers were encouraged to contact Mango if they noticed any suspicious activity related to their personal information. The breach serves as a reminder for organizations to ensure that their external partners adhere to stringent cybersecurity standards.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Mango discloses customer data breach tied to third-party provider
Mango disclosed that a cyber incident at a third-party provider exposed some customer information, describing the breach as a supply-chain-related incident. Multiple reports on October 15-16, 2025, covered the same disclosure and did not indicate separate victims or additional distinct developments.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Spanish fashion retailer MANGO disclosed a data breach
securityaffairs.com
Open sourceThird-party breach affects Mango customer info
scworld.com
Open sourceMango discloses data breach at third-party provider
malwarebytes.com
Open sourceMango sufre un ciberataque a través de su cadena de suministro
computerworld.es
Open sourceClothing giant MANGO discloses data breach exposing customer info
bleepingcomputer.com
Open sourceMango says some customer information exposed in cyber incident
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
ManoMano Customer Data Exposed via Third-Party Customer Service Provider Breach
European DIY e-commerce platform **ManoMano** disclosed a large-scale data breach after threat actors compromised a **third-party customer service provider (subcontractor)**, leading to the unauthorized extraction of customer data tied to accounts and support interactions. The incident was identified in **January 2026** and affects roughly **38 million** customers across ManoMano’s European markets; the company reported no evidence that its internal systems were altered and stated that **passwords were not accessed**. Reportedly exposed data varies by customer but includes **names, email addresses, phone numbers, and customer service communications** (including support tickets and potentially attachments). A threat actor using the alias **“Indra”** claimed responsibility on a hacker forum and alleged possession of approximately **37.8 million** user records, a figure broadly consistent with ManoMano’s notification, though the claim has not been independently verified. ManoMano said it **blocked the compromised account, revoked the subcontractor’s access**, and implemented **enhanced access controls** while continuing its investigation.
Mar 21, 2026
Marks & Spencer Hack Exposed Customer Data and Drove Major Retail Disruption
Marks & Spencer said a cyberattack exposed customer personal data and caused prolonged disruption across its retail operations, including suspended online orders, store outages, delivery problems, and empty grocery shelves. The company said stolen information included names, dates of birth, home and email addresses, phone numbers, household details, and online order histories, prompting password resets for online accounts. UK authorities, including the National Cyber Security Centre, worked with affected retailers and law enforcement as the fallout spread beyond M&S. The attack has been linked in reporting to **Scattered Spider** and the **DragonForce** ransomware and extortion operation, with **Co-op** and **Harrods** also reported as targets around the same period. M&S later said the intrusion began through a contractor compromised via sophisticated social engineering rather than exploitation of a flaw in its own systems, and warned the impact would continue for months. The retailer estimated the incident would cut profits by about **£300 million**, with some losses expected to be offset through insurance and other recovery measures.
May 27, 2026
ROMWE Discloses Data Security Incident Affecting Shoppers
Fast-fashion retailer **ROMWE** notified customers of a data security incident involving shopper information, according to a company disclosure carried by Yahoo Finance. The notice indicates the company informed affected users directly and publicly acknowledged that customer data was exposed in the breach, prompting a formal incident response and outreach effort. The available reporting provides limited technical detail, but the incident appears to involve unauthorized access to consumer data held by the retailer. For CISOs, the event underscores persistent third-party e-commerce and customer-data exposure risks, particularly where online retail platforms store personal information that can be leveraged for fraud, account abuse, or follow-on phishing against affected shoppers.
May 25, 2026