Bazar du Manga: data leak confirmed after customer cold-calling
On 17 April 2026, online manga retailer Bazar du Manga confirmed that customer identity and contact details had been extracted without authorisation from its database and were being used by a third party, Panda Manga, for unsolicited marketing; no payment data was affected.
- Victim
- Bazar du Manga
On 17 April 2026, Bazar du Manga β a French online manga and merchandise retailer β confirmed a customer data leak after shoppers began receiving unsolicited emails and social-media messages from an unrelated company calling itself Panda Manga.
The breach came to light through this commercial solicitation rather than a system intrusion alert: customers reported being contacted by a third party that Bazar du Manga says it has no connection with. The retailer concluded that contact and identity details had been extracted from its customer database without authorisation and were now being used for marketing purposes.
The exposed data was limited to customer-account information; bank and card data are handled by an external payment provider and were not affected. The categories involved include:
- Identity information (first and last name, civil status)
- Email addresses and other contact details
- Customer-profile data
Bazar du Manga publicly denied any affiliation with Panda Manga, denounced the illicit reuse of its customers' data, and notified France's data-protection authority (CNIL) in line with the GDPR. It advised customers to stay alert to unofficial solicitations β which carry a heightened risk of targeted phishing, fraudulent offers and identity theft β and to exercise their rights to have their data deleted. No figure for the number of affected customers has been published.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/bazar-du-manga-fuite-de-donnees-confirmee-apres-les-demarchage-des-clients/