Miinto Says Unauthorized Access Exposed Customer Order Information

Danish fashion marketplace Miinto has notified customers that an unauthorized party accessed its internal order management system and may have viewed information linked to purchases.The company disclo...

Danish fashion marketplace Miinto has notified customers that an unauthorized party accessed its internal order management system and may have viewed information linked to purchases.

The company disclosed the incident in emails sent to affected shoppers, including customers in the UK. Miinto said it had reported the matter to law enforcement and the relevant data protection authority, but did not state how many records were involved or explain how the attacker gained access.

Information potentially exposed

According to the notification, the compromised order data may have included customers’ names, email addresses, postal addresses and telephone numbers. Miinto also said the information could indicate whether a customer paid by card or used a service such as Klarna’s pay-in-three option, as well as the type of card used.

The company said payment card numbers, security codes and other verification details were not exposed in the incident. It nevertheless warned that criminals could use the available information to make fraudulent messages appear more credible.

Phishing risk highlighted

Miinto urged customers to be cautious of emails, text messages or calls claiming to come from the company. Shoppers should avoid clicking unexpected links, sharing passwords or payment information, and should independently verify requests by visiting Miinto through a known address rather than using links in messages.

Miinto said it had contained the incident, removed the unauthorized party’s access and introduced stronger controls around its order management system. The company apologized for the concern caused and said it was continuing to invest in measures intended to prevent similar events.

The marketplace, founded in 2009 and headquartered in Copenhagen, operates across 14 countries. Miinto reported annual revenue of 869 million Danish kroner, approximately $132.9 million, in January. The company did not issue a separate public announcement about the incident and had not responded to requests for additional information at the time of reporting.