Inditex data breach: Zara owner Inditex reports major data breach exposing customer transaction records

Zara owner Inditex has said that the company suffered a data breach at a third-party company containing information on transactions with customers. The breach exposed information related to commercial transactions, Bloomberg reported.

What was leaked in the hack?

In an emailed statement to Reuters, the Spanish retail giant said that the leaked data did not contain client names, contact information, passwords, or information on payment methods.

The company also said that the security incident originated with a former technology provider and has impacted several companies operating internationally. Inditex noted that it immediately applied security protocols following the discovery and has started notifying the relevant authorities.

“Inditex’s operations and systems have not been affected in any way and customers can continue to access and operate in complete safety,” the company said in a statement, as quoted by French publication Economía.

“Given the high degree of digitalisation and technological integration of the business model, the eventual materialisation of incidents of a technological nature – derived, among other factors, from infrastructure failures, cybersecurity incidents, errors in applications or difficulties in interaction with technological third parties – could have a cross-cutting impact on the group’s activity, affecting the normal development of operational and commercial processes,” Inditex had said in its annual report.

Notably, Inditex is headquartered in Spain, which means the data breach falls under the purview of the European Union. The EU’s General Data Protection Regulation (GDPR) guidelines mandate that personal data breaches must be notified to the authorities within 72 hours, and heavy penalties can be levied on companies that fail to comply with the norms.

Founded by billionaire Amancio Ortega, Inditex is the world’s largest clothing firm and operates major brands including Zara, Bershka, and Stradivarius. According to Bloomberg, the company recently reported fiscal year sales of €39.9 billion ($47 billion), with online transactions accounting for 27 percent of that total.

After the disclosure about the data breach, Inditex shares reportedly saw a slight 0.6 percent gain in Madrid on Thursday.

In other related news, GTA maker Rockstar Games had also recently announced a massive data breach linked to the notorious ransomware group ShinyHunters, which it said exploited a vulnerability in a third-party cloud analytics provider.

Meanwhile, another Spanish fashion retailer Mango had also confirmed a data breach, which it said was a result of unauthorised access to a third-party marketing provider. In that campaign, the hackers were able to obtain personal data used in marketing campaigns such as names without surnames, country of origin, zip codes, telephone numbers, and email addresses.