ManoMano data breach affects 38 million customers via third-party provider

As reported by Bleeping Computer, DIY store chain ManoMano is notifying customers of a significant data breach impacting approximately 38 million individuals. The incident originated from unauthorized access to a third-party service provider, a subcontractor handling customer service interactions.

The breach was identified in January 2026 when ManoMano discovered unauthorized access linked to the third-party vendor. The compromised data includes full names, email addresses, phone numbers, and customer service communications. While the company states that no account passwords were accessed or modified, a hacker using the alias "Indra" claimed responsibility on a hacker forum, alleging possession of data from 37.8 million accounts. Reports suggest the compromised entity was a Tunis-based customer support provider that experienced a breach involving Zendesk.

ManoMano has taken immediate steps to secure its environment and has notified relevant authorities, including the CNIL and ANSSI. Customers are being advised to remain vigilant against phishing attempts and monitor their accounts for suspicious activity.

Source: Bleeping Computer