The Mytheresa data breach exposed 84,108 records including Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
- Breach date
- 2026-04-12
- Records affected
- 84,108
- Verified
- Yes
- Domain
- mytheresa.com
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Names
- Partial credit card data
- Phone numbers
- Physical addresses
- Purchases
- Salutations
What You Should Do
If you had an account with Mytheresa, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Contact your bank or card issuer to request a replacement card
- Review recent statements for unauthorized transactions
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Mytheresa breach?
What should I do if my data was exposed in the Mytheresa breach?
When did the Mytheresa data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help