El Corte Inglés has confirmed it has fallen victim to a cyberattack, resulting in unauthorized access to the personal data of its customers. The major Spanish retailer, known for its extensive department stores, announced the incident via email to its users, emphasizing its commitment to privacy and personal data protection. The notification revealed the breach occurred through "an external provider" but did not specify the attack's timing or which provider was involved.
According to the notification sent to customers, "the attack was identified and rectified immediately through our detection and security protocols." El Corte Inglés has reportedly demanded additional security measures from the affected supplier to prevent such incidents from recurring. The company has also alerted the relevant authorities about the breach.
The compromised data includes identifying and contact information along with credit card numbers intended for use solely at El Corte Inglés. The company assured its customers, stating, "This information does not allow third parties to operate or make payments with their El Corte Inglés card." With approximately 11.8 million users holding the company's shopping card as of the end of the 2023-2024 fiscal year, El Corte Inglés has taken steps to calm customer fears.
While reassuring clients about the continued safe use of their cards, both online and offline, El Corte Inglés reiterated its policy not to contact customers through any means—neither electronically nor by phone—to request passwords or personal security codes. The digital safety of its customers, it claims, remains its top priority.
The incident at El Corte Inglés is part of a broader trend, as Spanish retailers have increasingly faced cyber threats over the past few years. For example, the textile giant Tendam, which owns brands like Cortefiel and Pedro del Hierro, experienced significant data theft last September, with hackers demanding an €800,000 ransom to avoid public exposure of over 720 gigabytes of sensitive information.
Cybercrime continues to be recognized as a growing threat to businesses. El Corte Inglés previously highlighted this risk within its latest bond issuance brochure, noting the rising number of cyberattacks targeting information technology systems. The company reported these attacks seek unauthorized access to corporate data or disrupt operations.
Experts are drawing attention to the increasing value of data, pointing out large retailers as prime targets for cybercriminals. Sancho Lerena, CEO of technology firm Pandora FMS, emphasized the significance of real-time monitoring systems, explaining such technologies can detect unusual behaviors and allow swift responses to potential breaches.
“Monitoring IT structures should be mandatory,” Lerena stated. “Timely reaction saves significant amounts of data.” He suggested implementing systems capable of analyzing data activities continuously to improve detection rates.
Statistics shared by Lerena indicate the retail sector faces heightened risk from cyberattacks as data management within e-commerce and general digitalization intensifies. He reported on the historical data from the National Cybersecurity Institute (INCIBE), noting the finance sector held steady at 25% for the past two years for cyber incidents, with significant increases seen across telecommunications and energy sectors.
With the rise of cyber threats, experts warn of the pressing need for companies to invest more resources both financially and administratively to shore up their cyber defenses. They suggest prioritizing the hiring of qualified personnel able to navigate the complex realms of cybersecurity and IT management.
The insight provided sheds light on the increasing sophistication of cyberattacks and indicates urgent corrective actions are necessary to protect sensitive data more effectively. The incident at El Corte Inglés serves as another call to action for enhanced cybersecurity measures across affected industries.
Experts conclude by reinforcing the need for advanced technological solutions to manage risks more effectively, indicating the incorporation of artificial intelligence can improve control systems against cyber threats. “Cyberattacks happen not only due to security flaws but also because of configuration errors or gaps left within company infrastructure,” Lerena emphasized.
Given this latest incident, El Corte Inglés hopes to instill confidence among its customers and emphasizes the continued need for vigilance against cyber threats—a narrative increasingly echoed across the retail sector as they adapt to the challenges posed by the digital age.