Inditex has suffered a cyberattack that has affected internal databases linked to the commercial relationship with customers in different markets. The incident, however, has been located on the servers of a third party, specifically an old technology provider, and the company maintains that its own systems have not been compromised.
The affectation is limited to an external provider
The company specifies that the incident has occurred outside of its direct infrastructure. The attack has been detected on the servers of a former technological provider, where internal databases with commercial information related to clients from several countries were hosted.
Among the compromised data is that information linked to the commercial relationship, although the company emphasizes that sensitive personal data has not been affected. In that group it places names, surnames, phone numbers, addresses, passwords or information on bank cards and other means of payment.
No impact on the company's own systems
Inditex maintains that its internal systems have not been affected and conveys that there is no risk for users. The company has activated its security protocols once the incident was detected and has communicated what happened to the competent authorities.
The company rules out risk for customers based on the information reviewed so far. The scope of the attack is therefore limited to those databases hosted in the infrastructure of that external provider with whom it no longer maintains an active technological relationship.
The case has been brought to the attention of the relevant authorities while the security measures adopted after the detection of unauthorized access are maintained. For the moment, the company insists that the incident does not compromise passwords or bank details and that the operation of its systems remains intact.