Mango says some customer information exposed in cyber incident

Spanish fast-fashion retailer Mango said that one of its external marketing service providers suffered a data breach exposing limited customer information, though its own corporate systems were not affected.

In a statement on Tuesday, the company said the compromised data included customers’ first names, countries, postal codes, email addresses and phone numbers, but did not include last names, passwords or financial information such as credit card or banking details.

“Mango’s infrastructure and corporate systems have not been compromised,” the company said, adding that it had notified the Spanish Data Protection Agency (AEPD) and other authorities in line with regulations.

Mango’s top markets include Spain, France and Turkey. The company has dozens of U.S. stores and more than 2,700 worldwide.

The incident is the latest in a string of cyberattacks targeting Spanish and global retailers. In March, El Corte Ingles disclosed that a breach at one of its third-party suppliers exposed customer identification and credit card details. Another Spanish chain, Tendam, was hit by hackers who reportedly stole 720 gigabytes of data and demanded an €800,000 ransom.

Retailers across Europe have also been hit. Earlier this year, Co-op UK said a cyberattack wiped $274 million off its revenues, while Louis Vuitton confirmed breaches at its stores in Turkey, South Korea and the U.K. exposed customer data. Other global brands, including Victoria’s Secret, Dior, Tiffany, and Adidas, have also faced cyber incidents in recent months.

Mango said it detected the incident over the weekend and immediately activated its security protocols. Its online operations were not disrupted.

“We recommend that all our customers pay attention to any suspicious communications or requests for unusual actions, both by email and by phone,” the company added.