CONSENSUS WIRE
← Back to Tech & Science

Zara Customer Data Exposed in Cyberattack Linked to ShinyHunters Group

Tech & ScienceAI-Generated & Algorithmically Scored·

AI-generated from multiple sources. Verify before acting on this reporting.

MADRID (AP) — Personal data belonging to 197,000 customers of the Spanish fashion retailer Zara was exposed following a cyberattack on a former technology provider used by parent company Inditex, the ShinyHunters extortion group announced Thursday.

The attackers claimed responsibility for the breach, stating they exploited compromised authentication tokens from Anodot, a data analytics firm previously engaged by Inditex. The incident, which ShinyHunters described as part of a "pay or leak" extortion campaign, was disclosed on Thursday, May 8, 2026.

Inditex, the world's largest fashion retailer by revenue, operates the Zara brand in more than 90 countries. The company has not yet publicly commented on the specific details of the breach or the volume of data involved. ShinyHunters stated that the stolen information includes names, email addresses, and other personal identifiers linked to customer accounts.

The attack vector targeted Anodot, a technology provider that previously handled data processing for Inditex. Security researchers noted that the compromise of authentication tokens allowed unauthorized access to sensitive customer databases. The group demanded a ransom payment to prevent the public release of the data, a tactic commonly employed by cybercriminal organizations in recent years.

Zara's global operations mean the affected customers are spread across multiple continents. The exposure of personal data raises concerns about potential identity theft and phishing campaigns targeting the individuals whose information was stolen. Inditex has a history of investing heavily in cybersecurity measures, but the breach highlights the risks associated with third-party vendor relationships.

Cybersecurity experts warned that the exposure of authentication tokens could allow attackers to access additional systems if similar vulnerabilities exist elsewhere in the supply chain. The incident adds to a growing list of high-profile data breaches affecting major retail chains in 2026.

Inditex has not confirmed whether any payment was made to the attackers or if the data has been fully secured. The company's response to the incident remains unclear as of Thursday afternoon. ShinyHunters has not provided a deadline for the ransom demand, but the group typically sets a time limit before releasing data publicly.

The breach underscores the ongoing challenges faced by multinational corporations in protecting customer data from sophisticated cyber threats. As investigations continue, customers whose information was exposed may face increased risks of fraud and unauthorized access to their personal accounts.

Authorities have not yet announced if they have opened a formal investigation into the incident. The Spanish National Police and cybersecurity agencies are expected to monitor the situation as it develops. Inditex has not issued a statement regarding the breach or the steps being taken to mitigate the impact on affected customers.

The situation remains fluid as the company works to assess the full scope of the data exposure and implement additional security measures. Customers are advised to monitor their accounts for suspicious activity and consider updating their passwords and security settings.