Mango has notified its customers of a security incident affecting a portion of their personal data. As outlined in the mass email sent to customers of the popular fashion brand, the unauthorized access occurred in one of the external marketing services used by the company, and not directly within Mango’s corporate systems.
The company has emphasized that the compromised information is limited to contact data used for marketing campaigns. The exposed data are as follows:
In this regard, Mango has sought to reassure affected individuals, assuring them that higher-risk information remains secure. The email highlighted that under no circumstance have your banking information, credit card details, identification/passport numbers, login credentials, or passwords been compromised.
Furthermore, the fashion company assures that its internal corporate infrastructure and systems have not been compromised, and that the company’s operations continue as normal.
Upon becoming aware of the incident, Mango reported that it activated “all security protocols immediately” and proceeded with the official notification. In accordance with current regulations (GDPR), the fashion chain has reported the breach to the Spanish Data Protection Agency (AEPD) as well as to the relevant authorities.
Since contact information, especially email addresses and telephone numbers, have been exposed, the principal risk for customers is an increase in fraud attempts and identity theft. That is, while the security breach exposed limited data, it is highly valuable for potential phishing attacks, which would allow attackers to craft fraudulent communications that appear much more legitimate and credible.
Thus, a prudent recommendation for affected customers would be to pay careful attention to future communications from the company and to remember that Mango will never request your passwords, complete credit card numbers, PIN codes, or identification numbers via email, SMS, or telephone call.
In any case, the company has established a dedicated contact channel for customers with questions about the incident: personaldata@mango.com or by phone at +34 900 150 543.
The full email sent by Mango on the afternoon of October 14 reads as follows:
“In line with our commitment to the security and privacy of our customers, MANGO would like to inform you that one of our external marketing services has suffered unauthorized access to certain customers’ personal data.
The exposed information is limited to personal contact data used in marketing campaigns: exclusively your first name (your surnames have not been compromised), country, postal code, email address, and telephone number. We want to inform you that everything is functioning normally and that Mango’s infrastructure and corporate systems have not been compromised.
Under no circumstances have your banking information, credit card details, identification/passport numbers, login credentials, or passwords been compromised.
Immediately upon becoming aware of this situation, MANGO activated all security protocols. In accordance with current regulations and following our internal policies, MANGO has notified the Spanish Data Protection Agency (AEPD) and the authorities.
As a preventive measure, we are issuing this communication and recommend that all our customers remain vigilant for any suspicious communications or requests for unusual actions by email or telephone.
MANGO makes available the email address of our Customer Service Department (personaldata@mango.com) and telephone number (900 150 543) for any additional questions, and we regret any inconvenience this isolated incident may have caused you.
As always, we wish to thank you for your trust and continued loyalty to our brand.”
Image: Gemini
Your email address will not be published. Required fields are marked *
Δ