Allopneus: 453,000 customers exposed after a cyberattack
On 23 March 2026, French online tyre retailer Allopneus suffered a cyberattack on the software managing its home tyre-fitting service, exposing data on 453,299 unique customers across 739,316 records (2014–2026); no banking data or passwords were compromised.
- Victim
- Allopneus
- records
- 453.3K
On 28 March 2026, Allopneus — France's leading online tyre retailer — disclosed a data breach affecting hundreds of thousands of customers. The company detected the cyberattack on 23 March 2026 and notified affected customers by email on 27 March.
Attackers gained unauthorised access to the management software used for Allopneus's home tyre-fitting (mobile installation) service and exfiltrated personal data accumulated over more than a decade of orders. The stolen database — covering orders placed between 2014 and March 2026 — was subsequently put up for sale and published on dark-web forums.
The breach affected 453,299 unique customers across 739,316 records. The exposed data included:
- Full names
- Email addresses
- Phone numbers
- Billing and installation (home-fitting) addresses
- Order numbers and transaction details (tyre dimensions, quantity, intervention date)
Allopneus stated that no banking data and no passwords were compromised. The company filed a criminal complaint and notified France's data protection regulator (CNIL). Customers were warned to stay vigilant against targeted phishing, fraud and identity-theft attempts leveraging the leaked information.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/allopneus-453-000-clients-touches-par-une-fuite-massive/
- frenchbreaches.comhttps://frenchbreaches.com/blog/piratage-allopneus-453-000-clients-exposes-12-ans-de-donnees-sur-le-dark-web