El Corte Inglés, one of Spain’s largest department store chains, has fallen victim to a cyberattack that compromised the personal and payment data of a significant number of its customers. The breach occurred through an external provider that suffered unauthorized access to customer databases. Although the company quickly identified and addressed the issue, the data leak still took place. El Corte Inglés has informed both the relevant authorities and the affected customers about the breach, although it reassures the public that it has mitigated the risk of further financial damage, as the leaked payment details cannot be used for transactions or purchases.
The breach exposed sensitive customer information, including identification and contact details, along with purchase card numbers.
However, the company emphasized that no financial operations could be executed using the exposed card numbers, easing some concerns about fraudulent transactions. Despite this, the company has urged customers to remain vigilant. El Corte Inglés also assured users that no employee will reach out to them via phone or email to request sensitive information, such as security codes or passwords.
This incident adds El Corte Inglés to a growing list of companies affected by similar cyberattacks, including high-profile organizations like Banco Santander, Ticketmaster, and the Madrid Transport Consortium. The breach highlights the growing risks businesses face regarding data security. In addition, consumer organizations, such as the Organización de Consumidores y Usuarios (OCU), have outlined the potential risks stemming from data leaks. Identity theft, fraudulent loans, and phishing scams are some of the threats that individuals may face due to such breaches.
The OCU further warned that the leaked data could be exploited for various forms of cybercrime, including identity theft, financial fraud, and phishing schemes. With phone numbers and email addresses exposed, the possibility of receiving deceptive communications aimed at stealing more sensitive information becomes a significant concern. The organization also noted that personal data might end up in illegal markets, leading to spam and other malicious cyberattacks. El Corte Inglés, in response, has promised to take necessary steps to prevent such risks and protect the integrity of its customer data.
Reference:
