Spanish fast-fashion retailer Zara has disclosed a data breach impacting more than 197,000 customers after hackers successfully infiltrated the company's databases. The breach was confirmed through data breach notification service Have I Been Pwned, which tracks and catalogs compromised credentials and personal information across the internet.

Zara, a flagship brand of the Inditex retail group and one of the world's largest fashion retailers, operates thousands of stores globally and maintains an extensive online presence. The company processes millions of customer transactions annually, making its databases a high-value target for cybercriminals seeking personal and financial information.

While specific technical details about the attack vector remain limited, the breach resulted in unauthorized access to customer databases containing personal information. The exact types of data compromised have not been fully disclosed, though typical retail breaches often include names, email addresses, physical addresses, phone numbers, and potentially payment card information or account credentials.

The breach affects nearly 200,000 customers who entrusted their personal information to the retailer during online purchases or account registrations. Compromised data of this nature can be weaponized for various malicious purposes, including identity theft, targeted phishing campaigns, credential stuffing attacks against other services, and financial fraud. The appearance of the data in breach notification databases suggests the stolen information may already be circulating among cybercriminal communities.

Affected customers should immediately change their Zara account passwords and enable two-factor authentication if available. They should also update passwords on any other accounts where they reused the same credentials. Customers should monitor their financial statements for unauthorized transactions and remain alert for phishing emails or text messages that reference their Zara purchases or account details. Security experts recommend treating any unsolicited communications claiming to be from Zara with suspicion, particularly those requesting personal information or urging immediate action.

Source: https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/