Mango warns of cyberattack that has exposed customer data in Spain

Another cyberattack has targeted a fashion company in Spain. This time the victim has been Mango, which sent a warning email to all of its registered customers on 14 October: "In line with our commitment to the security and privacy of our customers, Mango would like to inform you that one of the external marketing services has suffered unauthorised access to certain personal data."

Cybercriminals attack any sector with a high volume of transactions, which makes the fashion industry a very attractive target.

The Catalan company assured customers that the information exposed "is limited to personal contact details used in marketing campaigns". According to Mango, the cybercriminals have gained access to first names, country, postcode, email address and telephone number. "We inform you that everything continues to function normally and that Mango's infrastructure and corporate systems have not been compromised," the message reads. In addition, the company stated that "banking information, credit/debit cards, ID cards and passports" have not been accesssed. The passwords and usernames of customers have also not been targeted by the attack.

Mango has activated all security protocols, including notifying the Spanish data protection agency (AEPD) and the responsible authorities. Even so, the company recommends that customers pay attention to any suspicious communication or requests for unusual actions both by email and telephone. In case of doubt, several communication channels are available for queries related to the cyberattack: the customer service email address (personaldata@mango.com) and the 900 150 543 telephone number.

The cyberattack on Mango comes just a year after Spanish fashion retail group Tendam (with clothing brands such as Cortefiel, Women's Secret, Springfield and Pedro del Hierro) suffered a similar incident. Cybercriminals gained access to more than 720 gigabytes of information, where compromised customer data could be found. Through unauthorised access, the perpetrators demanded that the company pay 800,000 euros to prevent the information from being leaked.

Earlier this year, Alicante footwear company Hoff was also hit by a cybercattack targeting names, telephone numbers and order history. In March, El Corte Inglés also reported unauthorised access.

Also this past spring, Marks & Spencer suffered a security breach that forced it to block its website for weeks and pause online orders, which is estimated to have cost the company up to 404 million dollars. Adidas became the victim of a breach in May and The North Face in April. Decathlon reported a breach involving employee emails in May.