// #retail
3 articles
Zara Confirms Data Breach Affecting 197,000 Customers — ShinyHunters' April Extortion Claim Now Substantiated
Inditex has confirmed that a breach of Zara customer data exposed the personal information of approximately 197,000 people, substantiating the ShinyHunters extortion claim from late April 2026. Exposed data includes names, email addresses, postal addresses, phone numbers, and purchase history. European GDPR notification has been filed and affected customers are being contacted.
Rituals Cosmetics Discloses Data Breach — Up to 40 Million My Rituals Members' PII Potentially Exposed
Amsterdam-based luxury cosmetics brand Rituals has disclosed a breach of its My Rituals membership platform affecting potentially up to 40 million registered members across its 1,170-plus retail locations in 37 countries. Exposed data includes names, contact details, date of birth, gender, and purchase history. The breach carries significant GDPR obligations as Rituals is headquartered in the EU.
ShinyHunters Claims Breaches at Zara, Carnival, and 7-Eleven — Extortion Deadline Set
Prolific threat actor ShinyHunters posted simultaneous claims of data theft from Inditex/Zara, Carnival Corporation, and 7-Eleven on dark web forums on 21 April, threatening to publish stolen datasets. None of the companies has confirmed the breaches. Given ShinyHunters' track record, claims should be treated as credible pending investigation.