What Happened in the ManoMano Data Breach?
A significant data security incident has compromised the personal information of approximately 37 million customers of the online marketplace ManoMano. The breach occurred when a subcontractor’s system was compromised by a cyberattack in January 2026. This resulted in the unauthorized download of a substantial volume of personal data.
The Source of the Breach
ManoMano operates as a comprehensive platform connecting businesses with consumers across Europe, including Germany, France, Spain, Italy, and the UK. The marketplace offers a wide array of products ranging from home improvement items to pet supplies. On February 11, 2026, the company’s data protection officer notified customers that a customer service provider acting as a subcontractor had suffered a cyberattack. This attack compromised an account, allowing unauthorized access to and download of personal data associated with customer accounts.
The Scope of Compromised Data
The scale of the incident is substantial. A cybercriminal using the alias “Indra” claimed responsibility on BreachForums, asserting access to 37.8 million user accounts representing approximately 43 GB of data. Furthermore, the claim includes 935,000 customer service tickets and over 13,500 attachments. The volume of data indicates the subcontractor had extensive, direct access to the ManoMano online shop’s database.
The compromised information includes personal identifiers such as:
- First names
- Last names
- Email addresses
- Telephone numbers
- All communication exchanged with customer service
Response and Mitigation Strategies
Following the discovery of the breach, ManoMano took immediate action to mitigate further risks. The affected subcontractor’s access to customer data was revoked, and the company implemented enhanced data access controls for all other subcontractors operating within the online shop infrastructure.
Despite these measures, the compromised data remains out of the company’s control. ManoMano has fulfilled its regulatory obligations by notifying the relevant authorities, including the CNIL (French data protection authority), the ANSSI (French Agency for Information Systems Security), and the Urgence Cyber Île-de-France platform.