The Zara data breach left 197,000 people with information exposed, but fortunately, hackers may not have accessed private information

ShinyHunters leaked 140GB of data from Zara’s BigQuery instances, exposing 197,400 emails, purchase records, and support tickets.
Inditex confirmed that no names, addresses, credentials or payment information were stolen, reducing direct risk.
Still, exposed emails and purchase details could drive personalized phishing campaigns against customers.

Fashion giant Zara lost customer data of almost 200,000 people, but it appears very little private information was actually stolen.

Zara is one of the largest fashion retailers in the world, with more than 1,500 stores worldwide, and is the flagship brand of the Inditex Group, which also owns Massimo Dutti, Pull&Bear, Bershka and many others.

Last month, it revealed that it had suffered a data breach as a result of the ongoing incident involving Anodot, an AI-powered cloud-based analytics platform that some companies have integrated with other services, such as Snowflake. When ShinyHunters ransomware actors broke into Anodot, they were able to access those integrations and steal files belonging to several companies.

ShinyHunters strikes again

When Inditex reported the incident, it said the attackers did not access private information such as names, phone numbers, addresses, login credentials or payment information.

“Inditex has immediately applied its security protocols and has begun to notify the competent authorities of this unauthorized access, which has its origin in a security incident that affected a former technology provider and that has impacted several companies that operate internationally,” the company stated then.

Meanwhile, ShinyHunters claimed responsibility for the attack and leaked a 140GB file it claims to have stolen from BigQuery instances. Now, Through beepcomputer reports Have I been fooled? analyzed the stolen data and found 197,400 email addresses, geographic locations, purchases and support tickets.

“The data contained 197,000 unique email addresses along with product SKUs, order IDs, and the marketplace from which the support ticket originated,” the service said.

While not having names and addresses reduces the risk to some extent, cybercriminals can still use the available information to run highly personalized phishing campaigns. Through these emails they can steal login credentials, deploy malware and thus further intensify the attacks.