Skip to content
Data breachContained

Acrimed: online shop hit by a cyberattack

On 29 April 2026, French media-criticism association Acrimed disclosed a cyberattack on its online shop that exposed customers' email addresses, encrypted passwords and order history; names, postal addresses, phone numbers and banking details were said to be unaffected.

Victim
Acrimed

On 29 April 2026, Acrimed β€” the French media-criticism association Action Critique MΓ©dias, which runs an online shop to fund its activities β€” informed its users that its e-commerce site had been hit by a cyberattack that compromised some customer personal data.

According to the association's notice, the intruders gained access to data held by the online store. The exposed information was limited to:

  • Email addresses
  • Encrypted (hashed) passwords
  • Purchase / order history

Acrimed stated that more sensitive details β€” full names, postal addresses, phone numbers and banking information β€” were not affected by the breach.

In response, the association temporarily took its online shop offline to investigate the incident and reinforce its security, and it deleted dormant accounts dating from 2017 or earlier as a precaution. The breach was reported to France's data-protection regulator (CNIL). The number of affected customers was not disclosed. Acrimed warned users of follow-on risks β€” particularly credential reuse on other sites, targeted phishing impersonating the organization, and spam β€” and urged them to change any reused passwords.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/acrimed-la-boutique-en-ligne-victime-dune-cyberattaque/
  2. frenchbreaches.comhttps://frenchbreaches.com/alertes/acrimed-mok7fyx1nlfz2fk5wcb

Related incidents