Spanish fashion giant Inditex Group is the latest major company to fall victim to a cyberattack. “Unauthorized access” to the company’s computer databases was reported. These contain customer information from different markets. However, it is emphasized that this incident did not affect customers’ personal or banking information.
According to a statement from Inditex management, the breach into customer databases was discovered on the servers of one of its technology providers. These infrastructures were the target of a cyberattack that affected both Inditex and other internationally active companies.
Following the attack, the Spanish fashion group, parent company of chains such as Zara, Bershka, Pull&Bear and Massimo Dutti, “immediately” implemented its security protocols. The responsible authorities were also notified. This was the result of a security breach on this third-party technology provider’s servers, which host the company’s compromised databases. Inditex reiterates that the incident “in no way” affected customers’ personal and banking information. These “can continue to access and operate with complete security”.
A growing risk for companies
With this incursion into its databases, which contain commercial information from customers in various markets, Inditex joins the growing list of companies and corporations in the sector.
Aware of this growing potential risk, Inditex launched a Cybersecurity Advisory Board in 2023. This happened especially in the context of a multinational company like Inditex, which follows an omnichannel business model. This is a body independent of its Audit and Compliance Committee. Its purpose is to advise the company on information security and cybersecurity issues. These are considered among the potential technological risks for the company, given the “high level of digitalization and technological integration of Inditex’s business model”.
This nature leads the company to assess, as it states in its 2025 annual report, that “the eventual realization of technological incidents could have a far-reaching impact on the activities of the Group. Such incidents may arise from factors such as infrastructure failures, cybersecurity incidents, application errors or difficulties in interacting with third-party technologies, affecting the normal development of operational and commercial processes”.
To further mitigate these potential risks, “during 2025, we continued to strengthen our defense capabilities. This is to improve detection and response to threats such as DDoS attacks, credential stuffing, and third-party vulnerabilities,” such as the one just identified, the report adds. To achieve these goals, the company has a specialized cyber intelligence team. This is responsible for the continuous monitoring and early detection of risks and threats. It also has a Security Operations Center (SOC) available 24 hours a day, seven days a week. The SOC is responsible for detecting, analyzing, reporting and resolving potential “security events” that could affect Inditex.
This article was created using digital tools translated.
FashionUnited uses artificial intelligence to speed up the translation of articles and improve the end result. They help us to make FashionUnited’s international reporting quickly and comprehensively accessible to a German-speaking readership. Articles translated using AI-based tools are proofread and carefully edited by our editors before they are published. If you have any questions or comments, please email [email protected]