Fashion Retailer Miinto Discloses Data Breach, Warns of Phishing Risks
Danish e-commerce platform Miinto has confirmed a data breach exposing customer names, contact details, and payment method types, prompting warnings of potential phishing attacks.

Danish e-commerce company Miinto has admitted that an unauthorized party accessed its internal order management system, leading to a data breach that may have exposed sensitive customer information. The incident, detailed in emails sent to affected customers, involved the theft of personal data including names, email addresses, physical addresses, and phone numbers.
While full payment card details were not compromised, the breach did reveal the types of payment methods used by customers, such as credit card brands or services like Klarna. This information, combined with other stolen personal data, could be used by malicious actors to craft more convincing phishing campaigns impersonating Miinto.
Miinto has taken steps to address the incident, including reporting it to the police and relevant data protection authorities. The company stated it has worked quickly to contain the breach, remove the intruder from its systems, and has since strengthened its security measures, particularly by increasing access controls on its order management system.
In their communications, Miinto emphasized transparency, informing customers directly about the incident and advising them to be vigilant against potential phishing attempts. The company expressed sincere apologies for any concern or distress caused by the breach, reaffirming its commitment to protecting customer data.
Founded in 2009 and operating in 14 countries, Miinto is a significant player in the online fashion marketplace. The company recently reported substantial revenue growth, highlighting its scale and the potential impact of such a data compromise on its customer base.
The breach underscores the ongoing threat to e-commerce platforms and the importance of robust data security practices. The exposure of even partial payment information and contact details can significantly increase the effectiveness of social engineering attacks against consumers.
Miinto's response includes enhancing security protocols and investing in measures to prevent future occurrences. The company's proactive notification and clear warnings about phishing aim to mitigate further harm to its customers, though the full extent of the attacker's actions and the ultimate impact remain under investigation.