Zara data breach exposed personal information of 197,000 people

bleepingcomputer.com·May 8, 2026

Zara experienced a data breach affecting over 197,000 customers, where hackers accessed databases hosted by a former tech provider, exposing unique email addresses, geographic locations, and purchase information, but not names or payment details. The ShinyHunters extortion gang claimed responsibility for the breach and leaked a large archive of the stolen data.

The Zara data breach highlights the importance of scrutinizing and managing third-party technology providers, as the incident stemmed from a former tech provider's vulnerability. For cybersecurity professionals, this underscores the need for robust vendor risk management practices, including regular audits and stringent access controls, to prevent similar breaches in the future.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Zara data breach exposed personal information of 197,000 people

Want more content like this?

More from Cybersecurity News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Linux bitten by second severe vulnerability in as many weeks

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor