{"id":213598,"date":"2026-05-14T02:30:06","date_gmt":"2026-05-14T06:30:06","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/14\/zara-data-breach-197000-customers-exposed-in-third-party-security-incident-2\/"},"modified":"2026-05-14T02:30:09","modified_gmt":"2026-05-14T06:30:09","slug":"zara-data-breach-197000-customers-exposed-in-third-party-security-incident-2","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/14\/zara-data-breach-197000-customers-exposed-in-third-party-security-incident-2\/","title":{"rendered":"Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/191859\/cyber-crime\/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html\">Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191859\/cyber-crime\/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html\">https:\/\/securityaffairs.com\/191859\/cyber-crime\/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 10:05:51<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<h2>Zara Data Breach: Over 190,000 Customers Exposed in Third-Party Security Incident<\/h2>\n<p>A significant data security incident involving the Spanish fashion group Inditex, which owns Zara, has affected nearly 197,000 customers. The attack, linked to the cyber group ShinyHunters, targeted a former third-party technology provider and compromised email addresses, order IDs, product SKUs, geographic data, historical purchase details, and customer support records. Inditex quickly acted upon learning of the breach, asserting that sensitive information such as names, passwords, and payment details were not impacted. The breach stemmed from a &#8220;pay or leak&#8221; campaign by ShinyHunters, who exploited tokens from the Anodot analytics platform to breach numerous large organizations, resulting in multiple data leaks. Although the specific compromised vendor has not been named, Inditex maintains that its operations have remained uninterrupted and assures customers of ongoing safe service usage.<\/p>\n<h2>Key Points:<\/h2>\n<ul>\n<li><strong>197,400 Customers Affected<\/strong>: Detailed personal information, like email addresses, purchase history, and customer interactions, were exposed.<\/li>\n<li><strong>No Financial Impact<\/strong>: Compromising data did not include passwords, payment details, addresses, or phone numbers.<\/li>\n<li><strong>Third-Party Vendor Breach<\/strong>: The incident highlights significant security vulnerabilities in a third-party provider used by Inditex.<\/li>\n<li><strong>Exploit Using Anodot Tokens<\/strong>: ShinyHunters used stolen tokens from Anodot analytics to breach the data of several large companies.<\/li>\n<li><strong>Inditex&#8217;s Response<\/strong>: Immediate application of security protocols and notifications to authorities, alongside assurances of operational continuity.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident https:\/\/securityaffairs.com\/191859\/cyber-crime\/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html Publish Date: 2026-05-08 10:05:51&#8230;<\/p>\n","protected":false},"author":1,"featured_media":213600,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-21.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,28,31],"class_list":["post-213598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-data-security","tag-exploit"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213598"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213598"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213598\/revisions"}],"predecessor-version":[{"id":213602,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213598\/revisions\/213602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213600"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}