Sensitive customer info exposed in Mango data breach - here's what we know
Date:
Thu, 16 Oct 2025 14:37:00 +0000
Description:
Sensitive data stolen in third-party breach affecting Mango customers.
FULL STORY ======================================================================Mango suffered a third-party breach exposing customer details, but no financial
data Notifications warn of phishing risks; Spanish authorities & police informed ShinyHunters, known data extortion group, may be linked to recent retail sector breaches
Retail powerhouse Mango, a firm with more than 2,500 stores worldwide and operates in more than 120 markets, has suffered a third party data breach, losing sensitive customer information on a yet-undisclosed number of customers.
Earlier this week, the company sent out data breach notifications to its customers, warning them about potential incoming social engineering and other attacks. In the breach, Mango said that certain personal data was accessed through a breach at one of its external marketing services providers.
The attackers, which have not been named, stole peoples first names (surnames were not grabbed), countries, postal codes, email addresses, and phone numbers. Sensitive financial information, such as banking data, credit card information, IDs or passports, as well as login credentials and passwords, were not compromised, Mango stressed. Was it ShinyHunters?
The company continues to operate normally and confirms its infrastructure was not breached or compromised in any way. The attack triggered the companys usual security protocols, including notifying the Spanish Data Protection Agency (AEPD), as well as law enforcement.
For Raghu Nandakumara, VP of Industry Strategy at Illumio, the recent string of attacks on retailers shows how these companies do not sufficiently assess third party suppliers: Organizations still place far too much implicit trust in their suppliers, with research showing fewer organizations are concerned now about ransomware risks from their supply chains, he explained.
They must focus on containing and limiting the impact of attacks to ensure threats are stopped in their tracks before they can cripple essential
services and expose sensitive data.
Mango did not say who the breached third party is, or what it does in
relation to the retailer. It also did not name the attackers or discuss the nature of the breach.
However, a group known as ShinyHunters has been targeting major retailers for the past couple of months, breaching M&S , Harrods, Coop, and plenty of other retailers. Kering, the parent company of Gucci, Balenciaga, and others, was among the targets, as well.
ShinyHunters are primarily a ransomware group that doesnt deploy an encryptor on its targets servers, but rather simply exfiltrates sensitive data and then demands payment in cryptocurrency in exchange for deleting the stolen files. If the demands arent met, the data gets leaked on the internet, which could put the victim in the crosshairs of data watchdogs, and could lead to class action lawsuits.
Via Cybernews
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown Take a look at our guide to the best authenticator app We've rounded up the best password managers
======================================================================
Link to news story:
https://www.techradar.com/pro/security/sensitive-customer-info-exposed-in-mang o-data-breach-heres-what-we-know
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)