The data breach stemmed from a compromise at one of the company’s external marketing vendors. Upon discovering the incident, MANGO acted quickly, sending data breach notifications to all affected customers on October 14, 2025. This action was taken to inform customers about the incident and provide them with details on the compromised data.
The compromised information included customers’ first names, country, postal codes, email addresses, and phone numbers. According to the company, no sensitive information, such as banking details, login credentials, or passwords, was exposed during the breach. The company also confirmed that the security incident did not impact its internal systems. As required by law, MANGO has notified the Spanish Data Protection Agency (AEPD) of the breach.
In its data breach notification, the company underscored its commitment to customer security and privacy. The notification stated, “In line with our commitment to the security and privacy of our customers, MANGO would like to inform you that one of our external marketing services suffered unauthorized access to certain customers’ personal data.”
The company clarified that the exposed data was limited to contact information used for marketing campaigns. The notification assured customers, “The exposed information is limited to personal contact data used in marketing campaigns: exclusively your first name (your last name was not compromised), country, postal code, email address, and phone number. We want to assure you that everything continues.” The swift response and detailed communication aim to reassure customers and maintain trust following the security incident.
Reference:
