Inditex reported on Wednesday night time that it had suffered unauthorized entry to the corporate’s databases, which have been hosted on servers belonging to a third-party supplier.
The Galician textile group says that these databases “contain information on the commercial relationship with clients from different markets, but in no case data such as name and surname, telephone number, address, passwords, bank cards or other means of payment”, so, in precept, it guidelines out that private information of shoppers has been affected.
The firm that owns Zara explains that it has transferred the incident to the “corresponding authorities”, after having “immediately” utilized its safety protocols. The safety breach, he provides, “has its origin in an incident suffered by a former technology provider that has affected various companies with international activity.” “Inditex’s operations and systems have not been affected in any way and customers can continue to access and operate with complete security,” the corporate says in an announcement shared with the media.
As is common in one of these multinationals, Inditex identifies cybersecurity as one of many components of its threat map. “Given the high degree of digitalization and technological integration of the business model, the eventual materialization of incidents of a technological nature – derived, among other factors, from infrastructure failures, cybersecurity incidents, errors in applications or difficulties in interaction with technological third parties – could have a transversal impact on the group’s activity, affecting the normal development of operational and commercial processes,” it says in its newest annual report. Something the latter that, as defined by the corporate, has not occurred.
Inditex has an info safety committee, devoted to the “mitigation of technological and cybersecurity risks”, in addition to the “protection of the group’s critical information”, and which incorporates, amongst different senior managers, the CEO, Óscar García Maceiras.
Additionally, in 2023 it shaped a cybersecurity advisory committee, which serves as a consulting physique to the board of administrators on info safety issues. For instance, this physique met 5 occasions in 2025, wherein “the risks of the geopolitical context, the impact of artificial intelligence, the most common threats and new intrusion techniques were reviewed, highlighting the need to reinforce training and internal awareness,” as described within the group’s annual report.
It explains the completely different groups it has on this matter: one specialised in cyber intelligence; or a safety operations heart working 24 hours a day, “responsible for the detection, analysis, notification and resolution of potential security events that may affect the company.” During 2025, it recognized 66 occasions of curiosity that have been reported to the security committee, with no notable impacts.
It is just not the primary case of a Spanish retail firm that suffers a pc assault with entry to databases.
In October, Mango reported having suffered unauthorized entry to sure buyer private information by means of an exterior advertising and marketing service. Cybercriminals have been capable of get hold of private information utilized in advertising and marketing campaigns; names with out surnames, nation of origin, postal codes, phone numbers and e mail addresses.
Another giant firm within the sector, El Corte Inglés, suffered a pc assault in March of final yr that allowed cybercriminals entry to the private information of the distribution group’s shoppers, which was additionally hosted by an exterior supplier.
https://elpais.com/economia/2026-04-15/inditex-sufre-un-ataque-informatico-con-acceso-a-bases-de-datos-de-sus-filiales.html