Overview
- The Spanish fashion chain reported that hackers accessed data via an external marketing provider, not Mango’s own systems, which continue to operate normally.
- Exposed information was limited to first name, country, postal code, email address, and phone number, with no banking details, IDs, passwords, or login credentials affected.
- Mango notified customers by email this week, activated security protocols, and reported the incident to Spain’s data protection authority (AEPD).
- The company has not named the third-party vendor, has not disclosed the number of affected customers or their locations, and has not attributed the attack.
- Security experts warn the contact data could be used for phishing and social‑engineering scams, and coverage notes the impact could span multiple regions given Mango’s global operations.