Mytheresa: Have I Been Pwned’s Post

Mytheresa: Have I Been Pwned’s Post

Mytheresa Hit by ShinyHunters Extortion Attack, Exposing 84K Customer Records

Luxury fashion retailer Mytheresa was targeted in an extortion campaign last month by the cybercriminal group ShinyHunters. The breach exposed sensitive customer data, including 84,000 email addresses, names, physical addresses, phone numbers, purchase histories, and partial payment card details.

According to reports, 97% of the leaked email addresses were already publicly available on LinkedIn, suggesting prior exposure in other incidents. The attack highlights the growing trend of extortion-based breaches, where threat actors steal data and demand payment to prevent its release.

Mytheresa has not confirmed whether a ransom was paid, but the incident underscores the risks of storing customer payment information and the persistent threat posed by financially motivated cybercrime groups. The breach also raises concerns about the potential for follow-on attacks, such as phishing or identity theft, targeting affected individuals.

Source: https://www.linkedin.com/feed/update/urn:li:activity:7465271093025480704

Mytheresa cybersecurity rating report: https://www.rankiteo.com/company/mytheresa-com

"id": "MYT1779863012",
"linkid": "mytheresa-com",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '84,000',
                        'industry': 'Luxury Fashion',
                        'name': 'Mytheresa',
                        'type': 'Retailer'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '84,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Email addresses',
                                              'Names',
                                              'Physical addresses',
                                              'Phone numbers',
                                              'Purchase histories',
                                              'Partial payment card details']},
 'description': 'Luxury fashion retailer Mytheresa was targeted in an '
                'extortion campaign last month by the cybercriminal group '
                'ShinyHunters. The breach exposed sensitive customer data, '
                'including 84,000 email addresses, names, physical addresses, '
                'phone numbers, purchase histories, and partial payment card '
                'details. The attack highlights the growing trend of '
                'extortion-based breaches, where threat actors steal data and '
                'demand payment to prevent its release.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': '84,000 customer records',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'lessons_learned': 'The incident underscores the risks of storing customer '
                    'payment information and the persistent threat posed by '
                    'financially motivated cybercrime groups.',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes'},
 'threat_actor': 'ShinyHunters',
 'title': 'Mytheresa Hit by ShinyHunters Extortion Attack, Exposing 84K '
          'Customer Records',
 'type': 'Extortion'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.