Leak at Afflelou
In April 2025, French optical and hearing-aid retailer Alain Afflelou disclosed a breach caused by a vulnerability at a third-party CRM provider, exposing the personal and commercial data of thousands of customers and prospects.
- Victim
- Afflelou
On 15 April 2025, Alain Afflelou β the French optical and hearing-aid retail group, which operates close to 1,500 stores across some twenty countries β disclosed a data breach affecting customers and prospects of both its optician and audiology networks. In an email sent to affected individuals around 16 April, the group described a "cybersecurity incident" that had resulted in the exfiltration of personal data.
The breach did not stem from a direct intrusion into Afflelou's own systems. According to the company, it originated in a security vulnerability at one of its third-party service providers responsible for customer relationship management (CRM), which gave attackers access to the customer database.
The exposed data included:
- Name, first name and date of birth
- Postal address, email address and phone number
- The affiliated store and the customer's insurance provider name
- Family situation (including information on minor children registered as clients)
- Date of last appointment and recent purchase history
No financial data, passwords, social security numbers or medical/health information were reported as compromised. Coverage referred to "thousands" of affected customers and prospects; some reporting later cited a figure in the order of 1.5 million records tied to the leaked database, though the company did not officially confirm a number.
Afflelou reported the incident to France's data protection authority (CNIL) in line with GDPR obligations, engaged independent cybersecurity experts, and stated it had taken remediation measures. No fraudulent misuse of the data had been identified at the time of disclosure, and the company warned affected individuals to remain vigilant against phishing and identity-fraud attempts referencing optical or hearing-care themes.
Sources
- zataz.comhttps://www.zataz.com/faille-de-securite-chez-afflelou-les-donnees-personnelles-de-milliers-de-clients-compromises/
- usine-digitale.frhttps://www.usine-digitale.fr/article/le-groupe-alain-afflelou-victime-d-une-fuite-de-donnees-personnelles.N2230768
- journaldugeek.comhttps://www.journaldugeek.com/2025/04/22/apres-une-fuite-de-donnees-chez-alain-afflelou-des-milliers-de-clients-exposes/
- cybermaterial.comhttps://cybermaterial.com/alain-afflelou-breach-exposes-customer-info/