Inditex, the parent of Zara and other fast‑fashion labels, confirmed Wednesday that a third‑party contractor suffered a cyber intrusion that exposed internal commercial‑relations files to its supply chain partners. The breach did not involve customer names, contact details, passwords or payment information, the company said in an emailed statement.

The compromised firm handles data aggregation for Inditex’s global sourcing network, a process that underpins the retailer’s rapid inventory turnover. Analysts note that any perception of weakened data hygiene could pressure the group’s valuation, which trades near a $100 billion market cap. Nonetheless, the absence of consumer‑level data limits immediate financial fallout.

Inditex vowed to audit the contractor’s security protocols and accelerate migration of sensitive workflows to in‑house platforms. The firm also engaged an external forensic team to trace the breach’s origin. By emphasizing that core customer data remain insulated, management aims to reassure shareholders wary after recent sector‑wide cyber scares.

Shares slipped marginally after the announcement, trading a few basis points below the prior close, while analysts downgraded few to hold pending further clarity on remediation costs. The episode underscores the growing scrutiny of supply‑chain cyber risk for apparel giants, reinforcing the need for tighter vendor oversight.