An unattributed threat actor claims to have exfiltrated personal data belonging to approximately 38 million ManoMano customers from the company’s Zendesk customer support instance; ManoMano has not publicly confirmed the breach as of available reporting. ManoMano operates across France, Spain, Italy, Germany, Belgium, and the UK, meaning exposure likely triggers GDPR notification obligations across multiple jurisdictions if the claim is verified. The primary business risk is regulatory liability, customer trust erosion, and potential downstream fraud targeting affected individuals, though the 38 million figure and data authenticity remain unverified pending independent confirmation. Note: source reporting originates from threat actor claims and secondary news coverage; treat as unverified until ManoMano issues an official statement.