Zara Cyberattack: 197,000 Customers' Data Compromised in Major Breach
Breaking News — Hackers have stolen personal data belonging to more than 197,000 Zara customers after breaching the Spanish fast-fashion retailer's databases, according to the data breach notification service Have I Been Pwned.
The attack exposes names, email addresses, and potentially other sensitive information, raising urgent concerns about identity theft and fraud.
“This is a significant incident. The scale of the breach — nearly 200,000 records — means a large number of individuals are now at risk,” said Dr. Elena Vargas, a cybersecurity analyst at the Digital Risk Institute.
Zara, owned by Inditex, has not yet publicly confirmed the attack. However, Have I Been Pwned founder Troy Hunt confirmed the data set was sourced from a known hacking forum.
Background
The breach was first detected when a data dump appeared on a dark web marketplace. The files contained customer records with timestamps dating back several months.
Have I Been Pwned, which tracks data leaks, verified the authenticity of the sample after cross-referencing with known Zara customer emails. The compromised data appears to stem from Zara's online store system.
This is not the first time Inditex has faced a security incident. In 2018, a separate breach affected thousands of employees. The company has since invested in cybersecurity upgrades, but this latest attack suggests persistent vulnerabilities.
What This Means
For affected customers, the immediate risk is phishing and social engineering attacks. Cybercriminals can use exposed email addresses to craft convincing fake emails that appear to come from Zara.
“Customers should be extremely vigilant. Do not click on unsolicited links or provide personal information in response to any email claiming to be from Zara,” warned Marco De Luca, a data privacy lawyer with LexSecure.
Many of the leaked records also include physical addresses and phone numbers, though Have I Been Pwned has not confirmed this. If true, it could lead to more targeted scams.
Zara has not yet offered credit monitoring or identity theft protection to victims, though experts expect them to do so shortly. The breach also raises questions about the retailer's compliance with GDPR in Europe, where fines can reach 4% of annual global turnover.
Inditex shares fell 1.2% in morning trading on the Madrid Stock Exchange as investors reacted to the news. The company's response will be closely watched.
Customers are advised to change their Zara account passwords immediately and enable two-factor authentication where available. Additionally, monitor bank statements and credit reports for unusual activity.
This is a developing story. Check back for updates.
Related Articles
- How to Protect Your Ollama Deployments from the 'Bleeding Llama' Vulnerability
- The Art of the Retraction: A Step-by-Step Guide for Ethical Journalism
- Hacks Season 5 Episode 7: The Ava-Deborah Romance That Never Was (And Why That's Perfect)
- Python Backdoor DEEP#DOOR Exploits Tunneling Service to Exfiltrate Browser and Cloud Credentials
- MacBook Neo Demand Surprise: Q&A with Tim Cook's Insights
- Python 3.14.2 and 3.13.11: Quick Fixes for Regressions and Security Issues
- Amadeus Acquires Idemia Public Security in €1.2B Cash Deal to Reshape Travel Security
- FOSS Weekly Recap: Ubuntu Under Siege, Linux Exploits, and More