Data Breaches 38 Million Allegedly Impacted by ManoMano Data Breach Hackers stole personal information such as names, email addresses, phone numbers, and other information. By Ionut Arghire | February 27, 2026 (8:41 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Roughly 38 million people were likely impacted by a data breach at European DIY store chain ManoMano after hackers compromised a support portal. The attack occurred in January and was disclosed this week, when ManoMano started notifying the potentially affected customers of the incident. According to the company’s notification, copies of which were shared on X, the data was stolen after a customer service subcontractor was compromised. The hackers stole customers’ names, email addresses, and phone numbers, along with customer service exchanges. While ManoMano has not shared details on the hacked platform, it appears that the hackers accessed its Zendesk instance, used by the company for customer support. A threat actor using the name of ‘Indra’ claimed the attack on the underground hacking portal BreachForums, saying they stole roughly 43GB of data from the company. Advertisement. Scroll to continue reading. The data, the threat actor claims, includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments. The stolen data allegedly pertains to ManoMano users across all five European countries where it operates, namely France, Germany, Italy, Spain, and the United Kingdom. The hacker allegedly accessed the company’s data after compromising a customer support service provider in Tunisia. SecurityWeek has emailed ManoMano for a statement on the attacker’s claims and will update this article if the company responds. A French company, ManoMano owns a popular DIY, gardening, and home improvement ecommerce website that has over 50 million visitors per month. Related: CarGurus Data Breach Impacts Over 12 Million Users Related: Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site Related: US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach Related: PayPal Data Breach Led to Fraudulent Transactions Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Gambit Security Emerges From Stealth With $61 Million in Funding Zyxel Patches Critical Vulnerability in Many Device Models US Sanctions Russian Exploit Broker Operation Zero Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers SolarWinds Patches Four Critical Serv-U Vulnerabilities Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia CarGurus Data Breach Impacts Over 12 Million Users Astelia Raises $35 Million for Exposure Management Latest News 900 Sangoma FreePBX Instances Infected With Web Shells Chilean Carding Shop Operator Extradited to US Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience Juniper Networks PTX Routers Affected by Critical Vulnerability Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking Apple iPhone and iPad Cleared for Classified NATO Use Four Risks Boards Cannot Treat as Background Noise Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move BreachRx has named Young-Sae Song as Chief Marketing Officer. Titania has appointed Andrew Woodford as Chief Technology Officer. Menlo Security has named Bill Robbins as Chief Executive Officer. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email