
Zara Data Breach via Anodot Compromise by ShinyHunters, 197K Records Exposed
Fashion brand Zara was targeted by the ShinyHunters extortion group as part of their 'pay or leak' campaign, with the breach occurring on April 15, 2026. The incident was related to a compromise of the Anodot analytics platform. A terabyte of data, allegedly including 95 million support ticket records, was published. The data contained 197,376 unique email addresses, product SKUs, order IDs, and market information. Zara's parent company, Inditex, stated that passwords or payment information were not affected.
Signal context
First seen: Apr 15, 2026
Last updated: Jul 3, 2026
Status: Public signal
Key points
- Targeted by ShinyHunters extortion group.
- Breach date: April 15, 2026.
- Related to compromise of Anodot analytics platform.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch process controls, misconfiguration and accidental disclosure paths.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 23 signals in the same sector
- 88 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Zara Data Breach April 2026 - What Was Exposed and What To Do - Sherlock Forensicshttps://www.sherlockforensics.com/blog/breach-2026-04-15-zara.htmlPublic source from sherlockforensics.com.
Zara Data Breach - Have I Been Pwnedhttps://haveibeenpwned.com/Breach/ZaraPublic source from haveibeenpwned.com.
197,000 People Affected in Zara Data Breach Tied to Analytics Vendor - Safestatehttps://www.safestate.com/post/197-000-people-affected-in-zara-data-breach-tied-to-analytics-vendorPublic source from safestate.com.
Related signals
Grouped by why the signal is relevant.
Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge
Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.
French Government Platform Jeveuxaider.gouv.fr Suffers Data Leak Affecting 550,000 Accounts
On June 16, 2026, the French government announced that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak affecting approximately 550,000 accounts.
Dutch hospitals restore digital access after cyberattack on ChipSoft
On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.
CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig
The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.
STNet, Inc. Affected by KDDI Corporation Data Breach
STNet, Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. STNet customers' email addresses and passwords may have been compromised.
eogb.co.uk Hit by Stormous Ransomware Group
eogb.co.uk, a UK-based organization, was claimed as a victim by the Stormous ransomware group. The incident was discovered on June 28, 2026, at 21:29 UTC, with deep access to Microsoft Dynamics GP, internal legal documents, partnership agreements, customer contracts, operational spreadsheets, financial reports, and executive documents.
