Spanish fashion retailer MANGO disclosed a data breach

Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information.

Mango is a global fashion brand founded in Barcelona in 1984, it has over 2,850 stores in 120 countries and 16,400 employees. In 2024, it reported €3.3 billion in revenue and €219 million in profit. Online sales account for about one-third of total revenue. Key markets include Spain, France, and the United States.

The Spanish fashion disclosed a data breach after its marketing vendor was compromised, exposing customer personal data. The company sent data breach notifications to the impacted customers on October 14, 2025.

Compromised data includes first name, country, postal code, email address, and phone number. The company pointed out that the security breach did not affect sensitive data such as banking details, ID/passport, login credentials, and passwords. The incident did not impact the company’s internal systems. The company notified the Spanish Data Protection Agency (AEPD).

“In line with our commitment to the security and privacy of our customers, MANGO would like to inform you that one of our external marketing services suffered unauthorized access to certain customers’ personal data.” reads the data breach notification.

“The exposed information is limited to personal contact data used in marketing campaigns: exclusively your first name (your last name was not compromised), country, postal code, email address, and phone number. We want to assure you that everything continues”

At the time of this writing, no ransomware groups have claimed responsibility for the attack on MANGO.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, fashion retailer)