- Mango suffered a third-party breach exposing its customer details, but no financial data.
- Notifications warn of phishing risks; Spanish authorities and police informed.
- Known data extortion group ShinyHunters may be linked to recent retail breaches.
Retail giant Mango, a company with more than 2,500 stores worldwide and operating in more than 120 markets, suffered a third-party data breach, losing sensitive customer information on an as yet unknown number of customers.
Earlier this week, the company sent data breach notifications to its customers, warning them of potential social engineering and other attacks. Mango said some personal data was accessed through a breach at one of its external marketing service providers.
The attackers, who have not been named, stole people’s first names (last names were not captured), countries, zip codes, email addresses and phone numbers. Sensitive financial information, such as banking data, credit card information, identity documents or passports, as well as login IDs and passwords, was not compromised, Mango stressed.
Was it ShinyHunters?
The company continues to operate normally and confirms that its infrastructure has not been breached or compromised in any way. The attack triggered the company’s usual security protocols, including notification to the Spanish Data Protection Agency (AEPD), as well as law enforcement.
For Raghu Nandakumara, vice president of industry strategy at Illumio, the recent spate of attacks on retailers shows how these companies are not sufficiently evaluating third-party vendors: “Organizations still place far too much implicit trust in their suppliers, with research showing that fewer organizations are now concerned about ransomware risks from their supply chains,” he explained.
“They must work to contain and limit the impact of attacks to ensure threats are stopped before they can cripple essential services and expose sensitive data.”
Mango did not specify which third party was breached, or what it does in relation to the retailer. It also did not name the attackers or discuss the nature of the breach.
However, a group known as ShinyHunters has been targeting major retailers for the past few months, attacking M&S, Harrods, Coop and many other retailers. Kering, the parent company of Gucci, Balenciaga and others, was also among the targets.
ShinyHunters is primarily a ransomware group that does not deploy an encryptor on its targets’ servers, but simply exfiltrates sensitive data and then demands payment in cryptocurrency in exchange for the deletion of the stolen files. If the demands are not met, the data is leaked on the Internet, which could put the victim in the crosshairs of data monitoring organizations and lead to class action lawsuits.
Via Cybernews