Spanish fashion retailer MANGO has notified its customers of a data breach in which one of its external marketing services vendors suffered unauthorized access to certain customer data.
Roger Grimes, CISO Advisor at cybersecurity company KnowBe4, provided the following comments:
“Even the limited leak of only some personally identifying information can be of use to scammers. The hackers could craft a phishing message related to MANGO, and because the potential victim does have some sort of existing relationship with MANGO, any well-crafted phishing message is more likely to be successful than if it were some broad, generic type of phishing campaign. Every bit of information you give a scammer about someone can be used to craft a more realistic phishing message.”
“As an impacted customer, I’m concerned with not only my stolen information being used against me in some way, but also, if I want to remain a MANGO customer, in being reassured it won’t happen again. Has MANGO been able to figure out how it happened at the marketing supplier? Was it social engineering (very likely), unpatched software or firmware, or some other type of hacking attack? Because if they don’t know how the compromise happened, they can’t as easily take steps to ensure it won’t happen again. As a customer, I want to be reassured that MANGO knows how the hack of my information happened and what steps they have taken to make sure it doesn’t happen again.”
Re
Related
This entry was posted on October 15, 2025 at 5:15 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
MANGO Pwned Via A Third Party Breach
Spanish fashion retailer MANGO has notified its customers of a data breach in which one of its external marketing services vendors suffered unauthorized access to certain customer data.
Roger Grimes, CISO Advisor at cybersecurity company KnowBe4, provided the following comments:
“Even the limited leak of only some personally identifying information can be of use to scammers. The hackers could craft a phishing message related to MANGO, and because the potential victim does have some sort of existing relationship with MANGO, any well-crafted phishing message is more likely to be successful than if it were some broad, generic type of phishing campaign. Every bit of information you give a scammer about someone can be used to craft a more realistic phishing message.”
“As an impacted customer, I’m concerned with not only my stolen information being used against me in some way, but also, if I want to remain a MANGO customer, in being reassured it won’t happen again. Has MANGO been able to figure out how it happened at the marketing supplier? Was it social engineering (very likely), unpatched software or firmware, or some other type of hacking attack? Because if they don’t know how the compromise happened, they can’t as easily take steps to ensure it won’t happen again. As a customer, I want to be reassured that MANGO knows how the hack of my information happened and what steps they have taken to make sure it doesn’t happen again.”
Re
Share this:
Like this:
Related
This entry was posted on October 15, 2025 at 5:15 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.