Zara confirms 200,000 customers’ data exposed in alleged ransomware attack

Zara confirmed that nearly 200,000 customers were affected by a data breach following an alleged ransomware attack linked to the ShinyHunters cybercrime group, which later published a large cache of stolen information online.

Inditex, the Spanish retail giant that owns Zara and several other global fashion brands, disclosed on April 16 that it had experienced unauthorized access involving a former third-party technology provider. The company said the incident impacted multiple international businesses connected to the affected vendor.

The disclosure came days after the ShinyHunters group listed Zara on its dark web leak platform, claiming it had breached the retailer’s “BigQuery databases” as part of a “pay or leak” extortion campaign. The group reportedly issued an April 21 deadline before threatening to release the stolen data publicly.

After the deadline passed, the cybercriminals released what they claimed was a significant volume of data extracted from Zara’s systems.

New details from data breach tracking platform HaveIBeenPwned revealed that exactly 197,400 customer accounts were exposed in the leak. The compromised data included email addresses, product SKUs, order IDs, purchase histories and information linked to customer support tickets.

The leaked dataset reportedly totaled approximately one terabyte and allegedly included 95 million support ticket records.

Inditex said the exposed information covered customer email addresses, order-related details and support information across different markets. The company stated that sensitive personal and financial information, including names, phone numbers, addresses, passwords, bank card details and payment methods, were not compromised.

The retailer also said its operational systems remained unaffected and customers could continue using Zara’s services safely.

Inditex did not identify the technology provider involved in the breach or confirm the role of ShinyHunters. The cybercriminal group claimed it gained access through an earlier compromise involving Israeli AI analytics firm Anodot as part of a broader attack campaign targeting Snowflake customers.

Zara operates more than 2,220 stores globally alongside a major online retail business, making it one of the world’s largest fashion retailers under the Inditex group.