Cyber Incident Victim: ManoMano

The attack on ManoMano’s support portal took place in January 2026 when hackers compromised a customer service subcontractor based in Tunisia. ManoMano became aware of the breach and began notifying potentially affected customers during the week of February 27 2026, as disclosed in the company’s notification shared on X. The breach was traced to the compromised subcontractor, which allowed the threat actors to gain access to ManoMano’s support data. Notification efforts were initiated promptly after the discovery to inform those whose information may have been exposed.

The stolen data included customers’ names, email addresses, phone numbers, and the full content of customer service exchanges. According to the threat actor using the alias “Indra” on BreachForums, approximately 43 GB of information was exfiltrated, encompassing details tied to 37.8 million ManoMano user accounts, over 900 000 service tickets, and more than 13 000 attachments. The compromised records pertain to users in all five European countries where ManoMano operates: France, Germany, Italy, Spain, and the United Kingdom. No additional categories of data were mentioned in the available source.

ManoMano’s response has consisted of sending out notifications to the potentially impacted individuals and providing copies of those notifications to media outlets such as SecurityWeek for transparency. The company has been contacted by SecurityWeek for a formal statement regarding the attacker’s claims, and it indicated that it will update its public communication if a response is received. No further remedial actions or investigative details were disclosed in the source material.