Spanish fashion retailer Mango has informed customers that a recent cyber attack on one of its external marketing service providers may have led to the theft of personal contact information.
The company stated that it acted swiftly to notify affected individuals and relevant authorities, emphasising that its core IT systems and financial data remain secure.
According to Mango, the breach targeted a third-party service used for marketing campaigns, allowing hackers to gain unauthorised access to limited personal contact details, including names, countries, postal codes, email addresses, and phone numbers.
The company stressed that no sensitive information was compromised, meaning customer banking information, credit card numbers, login credentials, and passwords were unaffected. Mango confirmed that its internal infrastructure and corporate systems were not impacted and that business operations continue as normal.
Upon detecting the incident, Mango immediately activated its security protocols and informed the Spanish Data Protection Authority (AEPD) and other relevant regulatory bodies in accordance with applicable laws.
The company highlighted the breach as a reminder of ongoing cybersecurity risks in the retail sector, citing recent incidents affecting other major brands such as Marks & Spencer, Harrods, and Louis Vuitton.
Mango advised customers to remain vigilant against suspicious communications or unusual requests via email or phone and has provided a dedicated customer service email and helpline for queries. The company expressed regret for any inconvenience caused to its customers.
