Mytheresa, a luxury fashion e-commerce platform, had data on approximately 84,000 customers exposed after the ShinyHunters extortion group published it following a failed ransom demand in April 2026.
What happened
According to HIBP, in April 2026 the ShinyHunters cybercriminal group listed Mytheresa as a target in their "pay or leak" extortion campaign. When the ransom deadline passed without payment, the group publicly released the stolen data. The breach was disclosed on HIBP on 27 May 2026, with reporting by Cybernews.
What was exposed
The released data included email addresses, names, phone numbers, and physical addresses. It also contained purchase history and partial credit card data — specifically card type, the last four digits, and expiry dates. Full card numbers do not appear to have been included.
Who is affected
Approximately 84,108 unique customer accounts were affected, according to HIBP. These are customers of Mytheresa, a luxury fashion e-commerce platform.
What to do now
Monitor your payment card for suspicious activity and consider requesting a replacement card from your bank, as partial card data combined with other personal details can be used in phishing or social engineering attacks. Be alert to targeted phishing emails or calls that reference your purchases or personal details. Consider enabling two-factor authentication on your Mytheresa account and any accounts sharing the same email address or password.