French online DIY marketplace ManoMano has started notifying customers across the five European countries where it operates that their personal information may have been exposed in a data breach, which has reportedly affected around 37.8 million users.
The ecommerce company’s customer base of around 50 million spans markets including France, Spain, Italy, Germany, and the UK. The notice to customers in Spain stated:
“We were recently informed that one of our customer service providers (a subcontractor) was the victim of a cyberattack in January 2026, which resulted in the unauthorized downloading of personal data associated with your customer account.”
ManoMano’s investigations, as well as those of the subcontractor, showed that data was extracted from the account of one of the subcontractor’s agents. ManoMano added:
“The affected information includes: first name, last name, email address, phone number, and your possible exchanges with our customer service team. Your password is not affected. Your data remains intact and has not been modified.”
A threat actor using the alias “Indra” has posted on a hacker forum claiming to have stolen around 43GB of data from about 37.8 million accounts along with thousands of support tickets and attachments, although some of those specific claims remain unverified.
Although no account passwords or internal systems were breached, according to the company, the nature of the data taken still creates the risk of targeted phishing, account takeover attempts and other fraud leveraging customer context from support conversations.
ManoMano didn’t name the vendor, but the intrusion reportedly came through a third-party support environment that made use of Zendesk, according to The Register.
A Zendesk spokesperson told CX Today:
“Zendesk’s platform was not compromised. The incident was a localized matter involving compromised credentials and occurred entirely outside the Zendesk platform. It did not result from any vulnerability or security failure within Zendesk’s infrastructure.”
ManoMano revoked the subcontractor’s access once the breach was identified and has notified authorities, including France’s CNIL and ANSSI. It also alerted affected customers with guidance on spotting suspicious communications and protecting themselves from scams.
Why Customer Support Data Is a Growing Cybersecurity Risk
For customer experience professionals, the incident is the latest in a series of breaches that highlight how deeply customer support and engagement platforms are woven into the data ecosystem, and how they can be exploited by hackers.
Tickets, chat logs, phone transcripts and metadata contain personally identifiable information (PII) that can be weaponized by fraudsters and identity thieves when exposed.
When that data lives outside a company’s core infrastructure in third-party systems like support platforms or outsourced provider environments, traditional IT security controls often have reduced visibility or enforcement.
In its X-Force Threat Intelligence Index 2026, IBM reported a 44% year-over-year increase in the exploitation of public-facing software or system applications and a 49% rise in active ransomware groups compared to the previous year.
Industry research also shows the proportion of confirmed breaches involving third-party relationships is climbing, a trend it links to attackers exploiting weaker security postures among vendors.
Major brands including airlines and tech platforms have disclosed breaches where contact center or support-related systems were implicated, exposing millions of customer records.
What’s more, there have been multi-organization incidents tied directly to CX platform vulnerabilities, where attackers leveraged integration flaws or stale API tokens to compromise workflows across several companies at once, underscoring that CX systems can become a silent gateway for attackers when not closely monitored.
Enterprises and vendors can face significant reputational and financial effects when customer data is exposed through those channels.
Zendesk highlighted the importance of a strong vendor security posture, stating: “Zendesk maintains robust security controls and follows industry best practices.”
“Zendesk confirms that it takes data security obligations extremely seriously and it is cooperating fully with relevant stakeholders, and will continue to act transparently and responsibly in relation to data protection matters.”
As companies continue to stitch together customer journeys using a patchwork of software as a service (SaaS) services and outsourced providers, ManoMano’s breach is a reminder that security governance needs to extend beyond internal systems.
CX teams, security leaders and risk functions increasingly need aligned strategies, from vendor security assessments and continuous monitoring to least-privilege access controls and incident response planning that includes supplier touch points.