Zara Parent Inditex Reports Third-Party Data Breach Involving Transaction Records

Zara owner Inditex disclosed that it found unauthorised access to databases hosted by a third party, in a breach involving information on customer transactions, Reuters reported.

The company reportedly stated the affected databases did not contain customer names, addresses, passwords or bank card details, limiting the sensitivity of the exposed data. Inditex said it moved quickly after discovering the incident, applying security protocols immediately and beginning notifications to the relevant authorities.

What Led to the Breach?

According to the company, the breach originated from a security incident at a former technology provider and has affected several companies operating internationally.

The disclosure reportedly suggests the issue was not caused by a breach of Inditex’s own internal systems, but by access gained through an external vendor.

Growing Dependence on Third-Party

The incident comes at a time when companies across retail and other sectors are facing increased exposure through third-party service providers.

For Inditex, the world’s largest clothing company and parent of Zara, Bershka and Stradivarius, the breach appears to be limited to commercial transaction information rather than personal or financial data.

That distinction is important under the European Union’s GDPR rules, which require quick reporting of personal data breaches and can impose heavy penalties for non-compliance.

Customer Data Safe

The company has reportedly not indicated that customer payment details were compromised, which may have helped contain market concern. Still, the episode adds to broader worries around vendor-related cyber risk, especially for global retailers that depend on large external technology ecosystems.

Inditex has continued to operate from a position of strength despite wider industry pressures.

The Spanish retailer recently reported annual sales of €39.9 billion, with online transactions contributing a significant share. At the same time, it has faced a tougher consumer backdrop, currency pressure and tariff-related uncertainty, even as it invests heavily in logistics and automation to support future growth.