Overview

• Mango said the incident stemmed from an external marketing service used for promotional campaigns.
• The exposed information was limited to name without surname, country, postal code, email address and phone number.
• The company reported no compromise of corporate systems or sensitive data such as banking details, identity documents, passwords or access credentials.
• Security protocols were activated, the Spanish Data Protection Agency was notified and customers were urged to treat suspicious emails or calls with caution.
• An investigation into the vendor’s breach is underway, with the case reflecting a wider wave of cyberattacks on major fashion and retail groups.