Skip to content
Data breachContained

Leak at Auchan

In August 2025, French retailer Auchan disclosed a breach exposing personal data of several hundred thousand Waaoh loyalty-program customers — names, titles, postal and email addresses, phone numbers and loyalty card numbers; bank data and PINs were not affected.

Victim
Auchan

On 21 August 2025, Auchan — one of France's largest supermarket and hypermarket retailers — disclosed a cyberattack that exposed the personal data of several hundred thousand customers enrolled in its Waaoh loyalty program. The company began notifying affected customers and reported the incident to France's data-protection authority, the CNIL.

The retailer did not publicly detail the attack vector. It stressed that the exposed information was limited to loyalty-account profile data and that more sensitive fields were not compromised.

Data exposed included:

  • Title (civility), surname and first name
  • Email address
  • Postal address
  • Phone number
  • Loyalty (Waaoh) card number
  • Customer status

Auchan stated that bank details, passwords and loyalty-card PIN codes were not affected. In response, it deactivated the loyalty cards of impacted customers, who had to obtain a new Waaoh card in-store to recover their rewards balance. The company also warned recipients to be vigilant against phishing, noting it would never request login details, passwords or PIN codes by email, SMS or phone. This was the second customer-data breach at Auchan in under a year, following a November 2024 incident that affected more than 500,000 loyalty customers.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/auchan-retailer-data-breach-impacts-hundreds-of-thousands-of-customers/
  2. securityaffairs.comhttps://securityaffairs.com/181556/data-breach/auchan-discloses-data-breach-data-of-hundreds-of-thousands-of-customers-exposed.html
  3. lemondeinformatique.frhttps://www.lemondeinformatique.fr/actualites/lire-encore-pirate-auchan-alerte-sur-une-fuite-de-donnees-clients-97652.html
  4. zataz.comhttps://www.zataz.com/nouveau-piratage-auchan-cartes-fidelite-exposees/

Related incidents

Data breachContained

Leak at Auchan

On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers — names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.

Victim
Auchan
Records
500.0K
Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop