ManoMano Customer Data Exposed via Third-Party Customer Service Provider Breach
European DIY e-commerce platform ManoMano disclosed a large-scale data breach after threat actors compromised a third-party customer service provider (subcontractor), leading to the unauthorized extraction of customer data tied to accounts and support interactions. The incident was identified in January 2026 and affects roughly 38 million customers across ManoMano’s European markets; the company reported no evidence that its internal systems were altered and stated that passwords were not accessed.
Reportedly exposed data varies by customer but includes names, email addresses, phone numbers, and customer service communications (including support tickets and potentially attachments). A threat actor using the alias “Indra” claimed responsibility on a hacker forum and alleged possession of approximately 37.8 million user records, a figure broadly consistent with ManoMano’s notification, though the claim has not been independently verified. ManoMano said it blocked the compromised account, revoked the subcontractor’s access, and implemented enhanced access controls while continuing its investigation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
ManoMano publicly discloses breach affecting about 38 million customers
In late February 2026, ManoMano notified roughly 38 million customers that a third-party vendor breach had exposed personal data including names, email addresses, phone numbers, and customer service communications. The company said passwords were not accessed, there was no evidence of data modification, and the investigation was ongoing.
Threat actor 'Indra' claims possession of ManoMano customer data
In February 2026, a BreachForums user using the alias "Indra" claimed responsibility for the breach and alleged possession of data on about 37.8 million users, along with support tickets and attachments. These claims were reported publicly but not independently verified.
ManoMano contains breach and reports it to French authorities
After detecting the incident in January 2026, ManoMano blocked the compromised account the same day, revoked the subcontractor's access, and strengthened access controls and monitoring. The company also notified French authorities including CNIL and ANSSI, with some reports also mentioning the Cyber Emergency Île-de-France platform.
ManoMano detects unauthorized access via customer support subcontractor
In January 2026, ManoMano discovered that attackers had used a compromised account belonging to a third-party customer support subcontractor to access and download customer data. Reporting indicates the access may have involved the subcontractor's Zendesk environment rather than ManoMano's core systems.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
ManoMano Zendesk Data Breach Exposes 38 Million Customers Across Europe: Incident Analysis and Security Implications
rescana.com
Open sourceManoMano data breach affects 38 million customers via third-party provider | brief | SC Media
scworld.com
Open sourceEurope’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach
techrepublic.com
Open sourceManoMano data breach impacted 38 Million customer accounts
securityaffairs.com
Open sourceFrench DIY etailer ManoMano admits customer data stolen • The Register
go.theregister.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Odido Customer Contact System Breach Exposes Data of 6.2 Million Customers
Dutch telecommunications provider **Odido** disclosed a cyberattack in which threat actors gained unauthorized access to a **customer contact/CRM system** and **downloaded personal data** associated with approximately **6.2 million customer accounts**. Odido stated the intrusion was detected over the **February 7–8** weekend and that access was terminated as quickly as possible; the company also reported the incident to the Dutch Data Protection Authority (**Autoriteit Persoonsgegevens**) and engaged external cybersecurity experts to support investigation and additional defensive measures. Odido said its **telecom operations were not disrupted**, and no threat actor group has publicly claimed responsibility; reporting also notes the attackers allegedly contacted Odido to assert they had stolen millions of records. Exposed data varies by customer but may include **full name, address/place of residence, mobile number, customer number, email address, IBAN bank account number, date of birth, and identification document details** (e.g., passport/driver’s license number and validity). Odido emphasized that **passwords** (including for the *My Odido* portal), **call logs**, **location data**, **invoice/billing details**, and **scans of ID documents** were **not** affected. Odido is notifying impacted individuals via email from **`info@mail.odido.nl`** or by SMS, and warned that the stolen data could be used for **impersonation and phishing** attempts that appear to come from Odido.
Mar 21, 2026
Mango Customer Data Breach via Compromised Marketing Vendor
Spanish fashion retailer Mango experienced a data breach after one of its external marketing service providers was compromised, resulting in the exposure of customer information. The breach was discovered over the weekend and prompted Mango to immediately activate its security protocols to contain the incident. The compromised data included customers’ first names, countries, postal codes, email addresses, and phone numbers, but did not include last names, passwords, or financial information such as credit card or banking details. Mango emphasized that its own corporate infrastructure and IT systems were not affected by the breach, ensuring that business operations continued without disruption. The company notified affected customers via email, providing details about the nature of the breach and the specific data involved. Mango also reported the incident to the Spanish Data Protection Agency (AEPD) and other relevant authorities in compliance with regulatory requirements. The company established a dedicated email address and telephone hotline to support customers with concerns about the breach. Mango advised customers to remain vigilant for suspicious communications or requests for unusual actions, as the exposed data could be used in phishing attacks. The incident highlights the growing risk of supply chain attacks, where third-party vendors become the entry point for cybercriminals targeting large organizations. Mango’s swift response and transparency in communication were noted, as the company reassured customers that no sensitive financial or authentication data was compromised. The breach is part of a broader trend of cyberattacks targeting retailers and their supply chains, with other major brands in Spain and globally having faced similar incidents in recent months. Mango’s case underscores the importance of robust vendor risk management and the need for continuous monitoring of third-party partners. The company reiterated its commitment to data protection and announced plans to review and strengthen its security measures to prevent future incidents. Customers were encouraged to contact Mango if they noticed any suspicious activity related to their personal information. The breach serves as a reminder for organizations to ensure that their external partners adhere to stringent cybersecurity standards.
Mar 21, 2026
Dutch Organizations Report Data Breaches and Extended Unauthorized Access
Dutch authorities reported a prolonged compromise at the Dutch prisons agency **DJI**, where attackers reportedly maintained access for at least **five months**. Exposed information included staff **email addresses, phone numbers, and security certificates**, and the Dutch NCSC indicated the intruders also accessed **phones, tablets, and laptops**, though the extent of data access on those endpoints was not confirmed; DJI did not confirm whether access had been fully removed. Separately, Dutch telecom **Odido** disclosed a **data breach followed by an extortion attempt**, after which attackers publicly released about **1M records** (including **317k unique email addresses**) and threatened additional leaks. The published data reportedly included **names, physical addresses, phone numbers, bank account numbers**, and customer-service notes; Odido’s notice also warned that **dates of birth** and government ID numbers (passport/driver’s license) were impacted. A **Canadian Tire** breach entry describes a different incident in Canada (October 2025) involving ~**42M records** with PBKDF2-hashed passwords and some partial payment-card metadata, and is not part of the Netherlands-focused events above.
Mar 21, 2026