Spanish vogue retailer MANGO is sending notices of a data breach to its prospects, warning that its advertising and marketing vendor suffered a compromise exposing private information.
Based in 1984 in Barcelona, MANGO is a clothes and vogue equipment designer and producer, working bodily and e-commerce shops in 2,800 areas throughout 120 international locations.
The corporate employs 16,300 folks and has an annual income of €3.3 billion, of which roughly 30% comes from on-line purchases.
On October 14, 2025, the corporate despatched data breach notifications to its prospects, informing them that non-public information utilized in advertising and marketing campaigns had been compromised.
“MANGO needs to tell you that one of many exterior advertising and marketing providers has suffered unauthorized entry to sure prospects’ private information,” reads the discover.
The kinds of information uncovered on this incident embrace a buyer’s first title, nation, postal code, electronic mail handle, and phone quantity.
MANGO specified that final names, banking info, bank card information, IDs, passports, or account credentials weren’t compromised on this incident.
Though the absence of final names within the uncovered information set lessens the danger, attackers can nonetheless use the remaining compromised information in phishing assaults.
The corporate additionally famous that its company infrastructure and IT methods stay unaffected, and so enterprise operations weren’t impacted.
“We inform you that every part continues to operate usually and that Mango’s company infrastructure and methods haven’t been compromised,” acknowledged the corporate.
All security protocols in place had been activated upon studying of the data breach on the advertising and marketing service supplier, which has not been named.
The corporate additionally acknowledged that the Spanish Data Safety Company (AEPD) and related authorities have been notified in regards to the breach.
A devoted electronic mail handle (personaldata@mango.com) and phone hotline (900 150 543) have been established to assist prospects involved in regards to the potential publicity from this incident.
BleepingComputer has contacted MANGO to be taught extra in regards to the cyberattack and its scope of influence, however now we have not obtained a response on the time of publication.
No ransomware teams have introduced MANGO on their extortion portals, so the attackers stay unknown.
Be part of the Breach and Attack Simulation Summit and expertise the way forward for security validation. Hear from high consultants and see how AI-powered BAS is reworking breach and assault simulation.
Do not miss the occasion that can form the way forward for your security technique
