Zara data breach exposes 200K customers after alleged ransomware attack

Published: 17 May 2026

Stefanie Schappert
Senior Journalist

Zara shopping bag — Image by rblfmr | Shutterstock

Roughly 200,000 Zara customers were exposed during an April cyberattack later claimed by the notorious ShinyHunters gang, according to a new report by HaveIBeenPawned.

Hackers exposed data tied to roughly 200,000 Zara customers in an alleged ransomware attack.
The retailer previously appeared on a leak site connected to the ShinyHunters Salesforce extortion campaign.
The breach could give hackers a sharper phishing playbook by tying customer identities to real orders and complaints.

Key Takeaways by nexos.ai, reviewed by Cybernews staff.

Inditex, Zara’s parent company and the world’s largest fashion retailer, announced on April 16th it had been hit following a third-party breach involving one of its technology providers.

Zara store front London — Image by nugastaia | Shutterstock

The unauthorized access “stems from a security incident that affected a former technology provider and has impacted several companies operating internationally," Intidex said in a statement at the time.

The admission came just days after Shiny Hunters ransomware group posted Zara on its dark leak site, claiming to have hacked the company’s “BigQuery databases,” as part of a recent “pay or leak” campaign, giving the company an April 21st deadline.

After ignoring ShinyHunters’ ransomware threats, the gang, as promised, dumped a large cache of data allegedly exfiltrated from Zara's networks.

Zara, Inditex ShinyHunters breach — Image by Cybernews | Chris Dorney/Shutterstock

Scale of customer exposure confirmed

Intidex, at the time, said the “information of customers from different markets included customer email addresses, purchase history, order IDs, plus product and support ticket information.

A new entry by the data-breach tracking platform HaveIBeenPwnd (HIBP) has now revealed that exactly 197,400 customers were exposed in the leak.

Zara breach is listed on Have I Been Pwned. Image by Cybernews

“The group published a terabyte of data, allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs, and the market the support ticket originated in,” HIBP said in last week’s report.

Although Intidex did not confirm ShinyHunters' involvement or name the tech provider linked to the attack, the cybercriminals claim to have gained access to Zara's networks through a previous compromise of the Israeli AI analytics firm Anodot, part of an attack wave targeting Snowflake customers.

Don't miss our latest stories on Google News. Add us as your Preferred Source on Google

Inditex, noting that “names, surnames, telephone numbers, addresses, passwords, bank cards, or other payment methods were not exposed, ” had also told customers that “operations and systems were unaffected” and they could “continue to access and use its services safely.”

With more than 2,220 stores worldwide and a robust online presence, Zara is one of several major clothing and home brands owned by the Spanish company.