In April 2026, Zara was targeted by the ShinyHunters extortion group, exposing approximately 197,000 unique email addresses along with purchase and support ticket data linked to a compromise of the Anodot analytics platform.
What happened
According to Have I Been Pwned, in April 2026 the ShinyHunters extortion group targeted Zara as part of a broader "pay or leak" campaign. The group claimed the breach stemmed from a compromise of the Anodot analytics platform, a third-party service, and subsequently published a terabyte of data.
Zara's parent company Inditex confirmed the incident involved a contractor and stated that passwords and payment information were not affected, as reported by Fashion Network.
What was exposed
According to HIBP, the leaked data included approximately 197,000 unique email addresses, geographic locations, product SKUs, order IDs, and the market origin of support tickets. The ShinyHunters group claimed the full dataset contained up to 95 million support ticket records.
Who is affected
Around 197,000 Zara customers whose email addresses appeared in support ticket records are confirmed to be affected. Customers who submitted support requests and had their data processed through the Anodot platform may be included.
What to do now
If you have a Zara account or have contacted Zara support, be alert for phishing emails that reference your purchases or order history, as attackers may use that context to appear credible. No password reset is required based on current disclosures, but it is good practice to use a unique password for your Zara account. Monitor your email for suspicious messages and report any unusual contact to Zara directly.