Zara parent hit by data breach, no customer data compromised
What's the story
Inditex, the world's largest clothing retailer and parent company of popular brands like Zara and Bershka, has suffered a major data breach. The incident was caused by a third-party technology provider and has affected multiple international companies and exposed information related to commercial transactions. However, Inditex clarified that the compromised data does not include customer names, contact details, passwords, or payment information.
Immediate action
Company activated security protocols after discovering breach
After discovering the breach, Inditex quickly activated its security protocols and began informing relevant authorities. The company stressed that its operations and systems remain unaffected by this incident. "Inditex's operations and systems have not been affected in any way and customers can continue to access and operate in complete safety," a company statement read.
Regulatory adherence
Inditex is subject to EU regulations
Being headquartered in Spain, Inditex is subject to EU regulations. The General Data Protection Regulation (GDPR) requires personal data breaches to be reported within 72 hours. Non-compliance can result in severe penalties. In its annual report, Inditex had warned about the potential impact of technological incidents on its operations due to high digitalization and technological integration in its business model.
Market impact
Fiscal year sales of €39.9 billion
Founded by billionaire Amancio Ortega, Inditex recently reported fiscal year sales of €39.9 billion ($47 billion), with online transactions accounting for 27% of that total. Following the data breach disclosure, Inditex shares saw a slight gain of 0.6% in Madrid on Thursday. This indicates that despite the security incident, investor confidence in the company remains relatively stable at this point.