Mango warns of cyberattack compromising customer personal data

Late October 14, Mango alerted its customers via email that a significant portion of their personal data had been compromised in a cyberattack. The company, led by Toni Ruiz, sought to reassure customers that banking information was not among the compromised data.

The Spanish fashion multinational explained in the aforementioned email, using careful phrasing, that the security breach did not occur within Mango's corporate data processing systems. They emphasised that these systems “have not been compromised” and continue to “operate normally”. The breach instead occurred with an external marketing services provider. No further details were provided about the entity, other than it handled personal customer data for marketing campaigns. This data was compromised, allowing third parties to gain access as a result of an “unauthorised access”, or cyberattack.

“In line with our commitment to the security and privacy of our customers, Mango wishes to inform you that one of our external marketing services has suffered an unauthorised access to certain customer personal data,” the Spanish fashion multinational warned members of its customer community. “Upon becoming aware of this situation, Mango immediately activated all security protocols.” They added that “in accordance with current regulations and following our internal policies, Mango has informed the Spanish Data Protection Agency (AEPD) and the relevant authorities.”

No breach of banking information, ID or passwords

The company has not specified the number of customers affected by the security breach, nor whether they are limited to Spain or include other markets. However, Mango did detail in its warning message which data was and was not compromised in the cyberattack.

Regarding the compromised data, Mango warns that unauthorised third parties have accessed customer information such as their first name, country, postal code, email address and telephone number. Customer surnames, banking information, credit card numbers, national ID and passport numbers, and login details and passwords for their accounts on the online store were not affected by this security breach. This fact limits but does not eliminate the potential effects of the cyberattack. In light of the data breach, the company advises its customers to be particularly vigilant about any communications they may receive by email or telephone.

“The exposed information is limited to personal contact data used in marketing campaigns,” Mango explained to its customers. “Under no circumstances has your banking information, credit cards, ID/passport, or your login credentials and passwords been compromised.” The company also informed the public that “everything continues to operate normally and that Mango's corporate infrastructure and systems have not been compromised.”

However, elaborating on the above, the “exposed information” includes “exclusively first name (your surnames have not been compromised), country, postal code, email address and telephone number”. For this reason, “as a preventive measure, we are issuing this communication and recommend that all our customers pay attention to any suspicious communications or unusual requests for action by both email and telephone,” the Spanish company added. Mango invites any customers with concerns to contact the company through its usual customer service channels.

From Tendam and El Corte Inglés, to Louis Vuitton and Pandora

With its warning notice and acknowledgement of this “unauthorised access” to customer personal data, Mango joins the ever-growing list of major fashion multinationals affected by similar incidents in recent months, not just years. This list includes Spanish companies such as Tendam, Hoff and El Corte Inglés, as well as fashion houses and multinational companies like Dior, Marks & Spencer, The North Face, Cartier, Louis Vuitton, and Pandora.

This article was translated to English using an AI tool.

OR CONTINUE WITH

Cyber Crime

Mango