Skip to content
Data breachContained

Arsène Valentin: customer data exposed after malicious code was injected on the site

On 8 May 2026, French e-cigarette retailer Arsène Valentin disclosed that malicious code injected into its e-commerce website had exposed customer personal data — names, emails, postal addresses, phone numbers, dates of birth and order history; the breach was reported to the CNIL.

Victim
Arsène Valentin

On 8 May 2026, Arsène Valentin — a French e-commerce retailer of electronic cigarettes and e-liquids, with a network of franchised stores across France — notified its customers that it had detected malicious code planted on its website, which may have exposed their personal data.

The company described a classic web-skimming style compromise: attackers injected malicious code into the e-commerce site, potentially through a vulnerable plugin, a compromised dependency, or hijacked administrator access. The exact entry point was not confirmed in the disclosure.

The personal data potentially exposed included:

  • First and last names
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Dates of birth
  • Order history

Arsène Valentin stated that no banking data is stored on its servers, and that no malicious use of the affected information had been detected at the time of disclosure. The number of customers impacted was not disclosed.

The company reported the incident to the CNIL (France's data protection authority) and said it secured its infrastructure immediately after discovering the intrusion. Customers were advised to change their passwords and to stay alert for phishing attempts, since the combination of personal details and purchase history could enable highly convincing scam messages impersonating the brand.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/arsene-valentin-des-donnees-clients-exposees-apres-linjection-dun-code-malveillant-sur-le-site/

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K