Mango latest retailer to experience data breach

In the email, seen by Retail Week, Mango said that information exposed was limited to personal contact information. “Under no circumstances have your banking information, credit cards, ID/passport, or login credentials or passwords been compromised,” it added.

It told shoppers that it had informed the data protection agency and the authorities and warned consumers to pay attention to any suspicious communications or requests, whether by email or phone.

A spokesperson from Mango said that, given the unauthorised access was through a third-party supplier that held some customer information, that the company’s “operations and systems are entirely unaffected – customers can continue to shop with Mango, through the app, website and in stores, safely.” 

Cyber attacks on retailers have been in the headlines across the year, after an attack on Marks & Spencer shut down online sales for six weeks. Co-op, which was hit around the same time, revealed last month that the attack had an £80m impact on profits and a £206m hit on revenues.

Harrods also recently saw customer data being taken from a third-party provider. The luxury department store said that 430,000 customer records had been stolen. This did not include payment information or customer passwords and Harrods said it would refuse to engage with the hackers.

The National Cyber Security Centre (NCSC) revealed earlier this week that it dealt with 204 “nationally significant incidents” in the year to August 31, 2025, more than double the number seen the year before.

“Empty shelves and stalled production lines are a stark reminder that cyber attacks no longer just affect computers and data, but real business, real products, and real lives,” said NCSC chief executive Richard Horne in his foreword to the report.

Mango told customers in its e-mail: “We regret any inconvenience this specific incident may have caused you. As always, we want to thank you for your trust and commitment to our brand.”