Mango, a Spanish-based clothing retailer trading as MNG in Australia, has notified customers about a data breach involving a third-party marketing provider.
The company reported that the incident led to the exposure of certain personal contact details, including first names, country, postal code, email addresses, and phone numbers.
Mango clarified that no sensitive financial or identification information – such as credit card numbers, banking details, or login credentials – was accessed during the breach.
In a statement published by Cyber Daily, Mango said: “Under no circumstances have your banking information, credit cards, ID/passport, or login credentials or passwords been compromised.”
The retailer also confirmed that its own systems were not affected and that business operations remain uninterrupted.
“As soon as Mango became aware of this situation, it immediately activated all security protocols,” it said.
Customers have been advised to be cautious of any unusual communications or requests.
Although Mango did not specify which countries’ customers were impacted, the nature of the breach suggests that individuals in Australia may be among those affected.
The third-party provider involved has not been publicly identified, and there have been no claims of responsibility from cybercriminal groups.
In a separate event, a cybersecurity researcher discovered an unprotected database containing more than 3.5 million records linked to SABO, a fashion retailer based in Brisbane.
The database, which was accessible without security controls, included documents such as invoices, shipping details, and return records. These files contained personally identifiable information, including names, addresses, and contact details, and spanned transactions from 2015 to 2025.
SABO responded by restricting access to the database after being informed of the issue, though the company has not issued a public statement.
The length of time the data was exposed and whether the database was managed internally or by an external partner remain unknown.
The retail sector globally is facing a surge in cyber attacks, with recent incidents affecting major UK retailers and resulting in significant data loss and operational disruptions.
In Australia, nearly a quarter of cyber attacks are directed at retail businesses. The expansion of online retail during the pandemic has increased exposure to cyber risks, with recent incidents involving companies such as The Good Guys, Retail Apparel Group, and Latitude Financial.
Regulatory bodies have increased oversight following high-profile breaches, prompting more frequent audits and enforcement actions.
An Arthur J. Gallagher & Co report said: “What is most concerning is that the attack method and threat vectors vary from attack to attack which makes prevention extremely challenging.”
Cybersecurity professionals recommend that retailers implement regular staff training to recognise social engineering, conduct vulnerability assessments, use multi-factor authentication, and develop robust incident response plans.
Security analysts said: “Proactive investment in cybersecurity, third-party risk management, and compliance are now essential to survive in the current cyber threat landscape.”
