Spar

Spar is a retailer based in Poland that operates an online store through which it sells goods to consumers. The e‑commerce platform allows customers to browse product catalogues, select items, and place orders for delivery to their specified addresses. To fulfil these orders, the retailer collects personal data including names, phone numbers, email addresses, and delivery addresses from its customers. This information is used exclusively for order processing, payment handling, and logistics coordination related to the online shopping service. In May 2025, Spar suffered a hacking attack that resulted in unauthorized access to its systems and a subsequent data breach. The breach exposed the personal information of customers, namely their names, phone numbers, email addresses, and delivery addresses.

Upon discovering the intrusion, Spar promptly secured its IT infrastructure to prevent further unauthorized entry. The company’s security team identified the source of the attack and blocked it to stop ongoing malicious activity. Spar reported the incident to the national data protection authority in accordance with legal obligations. Affected customers were notified about the breach and advised on potential risks associated with the exposed data. The notification highlighted that individuals whose data was compromised could face increased risks of phishing attempts, unsolicited telemarketing, or fraudulent schemes. In response, Spar has committed to strengthening its security measures and implementing additional safeguards to reduce the likelihood of similar incidents in the future.