Zara
What was exposed
Email addressesGeographic locationsPurchasesSupport tickets
What to do if you were affected
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
- Be wary of targeted scams that use your personal details to sound convincing.
Details
In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information .
Frequently asked questions
What is the Zara data breach?
In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and...
When did the data breach happen?
This data breach occurred around April 2026.
How many accounts were affected?
Around 197,376 accounts were affected.
What information was exposed?
Exposed data included Email addresses, Geographic locations, Purchases and Support tickets.
What should I do if I was affected?
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Be wary of targeted scams that use your personal details to sound convincing.
Related breaches