A ShinyHunters campaign has resulted in the compromise of information belonging to over 197,000 customers of fashion outlet Zara, according to HaveIBeenPwned. The data breach notification service posted a brief note on its website explaining data stolen during an April 2026 incident included unique email addresses alongside product Stock Keeping Units (SKU), order IDs and information relating to support tickets.
Initially, Zara’s parent company Inditex claimed that no names, passwords, bank-card details or any other payment methods were affected by the incident, though it said an unauthorized access stemming from a security incident that affected a former technology provider had impacted several companies internationally. The incident is believed to have stemmed from an attack on analytics provider Anodot, with stolen Anodot authentication tokens used to access downstream data platforms.
HaveIBeenPwned said the group claimed to have accessed as many as 95 million support ticket records in this way, with the data held not only in BigQuery but also in Snowflake instances.