verified2026-04-15

ZaraZara breach

zara.com · 197,376 records compromised

Records
197K
Breach date
2026-04-15
Domain
zara.com
Data classes
4

Description

In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information .

Compromised data classes· 4

Email addressesGeographic locationsPurchasesSupport tickets

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Breach
Mytheresa
Breach
Zadig & Voltaire
Breach
Aman
Breach
ZenBusiness
Breach
GLAMIRA
Breach
Shoe Zone
Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.