Spanish fashion retailer Mango has confirmed a data breach after one of its external marketing service providers suffered unauthorized access to limited customer information. The company emphasized that its corporate systems were not compromised and that financial or login details remain secure. The Mango data breach adds to a growing list of cybersecurity incidents hitting major global retailers in 2025.
In its official statement, Mango said the exposed data included customers’ first names, countries, postal codes, email addresses, and phone numbers. The company clarified that last names, banking information, credit card details, or passwords were not affected in the breach.
“Mango’s infrastructure and corporate systems have not been compromised,” the company said, assuring customers that normal operations continue. Upon discovering the breach, Mango immediately activated its security protocols and notified the Spanish Data Protection Agency (AEPD) and relevant authorities as required under data protection laws.
The retailer also urged customers to remain cautious of suspicious emails or phone calls and avoid sharing personal details with unknown sources. For assistance, Mango has made its customer service email and helpline available to address any concerns.
Responds Swiftly to Contain Mango Data Breach
According to the company, the Mango data breach was limited to marketing-related data held by an external provider. This incident did not involve Mango’s main network or systems handling sensitive information. The fashion retailer said it took “immediate action” to contain the issue and ensure no further exposure.
Mango reiterated its commitment to privacy, stating, “We regret any inconvenience this specific incident may have caused. The protection of our customers’ data remains a top priority.”
The Spanish Data Protection Agency (AEPD) has been informed, and Mango continues to cooperate fully with authorities as investigations continue.
Retail Cybersecurity Under Pressure Amid Global Attacks
The Mango data breach comes amid a series of high-profile retail cyberattacks across Europe and the United States this year. Just weeks earlier, luxury fashion house Louis Vuitton disclosed a cyberattack — the third within 90 days — that exposed customer data from its global and Korean operations. The LVMH cyberattack, confirmed on July 2, 2025, affected personal information but not payment data.
In May, Victoria’s Secret also reported a security incident that forced the company to temporarily take down its U.S. website while investigations were ongoing. Meanwhile, UK logistics firm Peter Green Chilled, a supplier to supermarkets like Tesco and Sainsbury’s, experienced a cyberattack that disrupted operations.
Luxury retailer Harrods was another recent victim, confirming a Harrods cyberattack in April 2025 that prompted precautionary restrictions on internet access at its sites. Although customer services remained active, the incident highlight the increasing pressure on retail cybersecurity worldwide.
Maintains Strong Business Performance Despite Mango Data Breach
Despite the recent Mango data breach, company’s business continues to show strong growth. The company reported a turnover of €1.728 billion in the first half of 2025, marking a 12% increase year-over-year and a 14% growth at constant exchange rates. The retailer invested around €110 million in strategic projects during this period, with 70% allocated to new store openings and refurbishments.
With a presence in 120 countries and 2,925 points of sale worldwide, Mango’s international business now represents 78% of total turnover. Its top-performing markets include Spain, France, Turkey, Germany, and the United States.
Ongoing Focus on Customer Trust and Cyber Resilience
As the Mango data breach investigation continues, the retailer is reinforcing its cybersecurity measures and reviewing third-party security policies to prevent similar incidents in the future. The company said it remains committed to transparency and the protection of customer data.
“MANGO makes our Customer Service email address ([email protected]) and telephone number (900 150 543) available for any additional questions, and we regret any inconvenience this specific incident may have caused you,” reads company’s statement. “As always, we want to thank you for your trust and commitment to our brand,” statement concluded.
