Leak at Boulanger
On the night of 6-7 September 2024, French electronics retailer Boulanger suffered a data breach traced to a shared third-party delivery/IT provider, exposing the names, postal and email addresses and phone numbers of several hundred thousand customers; no banking data was affected.
- Victim
- Boulanger
On the night of 6-7 September 2024, Boulanger β a major French consumer-electronics retail chain β was hit by a cyberattack that exposed the personal data of several hundred thousand customers. The company disclosed the incident publicly on 8 September, stating that the compromised information related to deliveries and that no customer banking data was affected.
The breach was not isolated. In the same period, fellow French retailers Cultura and Truffaut reported very similar incidents, and reporting attributed the wave to a common external IT/delivery service provider used by the affected companies β making this a third-party (supply-chain) compromise rather than a direct intrusion of Boulanger's own systems.
Exposed data categories included:
- Surname and first name
- Email address
- Postal (delivery) address
- Phone number
A threat actor subsequently advertised a Boulanger-linked database of roughly 27.5 million log lines for sale, though security researchers questioned the authenticity and scope of that listing; Boulanger itself characterized the exposure as affecting several hundred thousand customers. The company said the incident had been contained, that its websites and apps were operating normally under heightened vigilance, and it warned customers to stay alert to phishing and delivery-themed fraud attempts using the leaked details.
Sources
- lemondeinformatique.frhttps://www.lemondeinformatique.fr/actualites/lire-piratage-de-boulanger-des-centaines-de-milliers-de-clients-touches-94654.html
- pointsdevente.frhttps://pointsdevente.fr/fil-info/2024-09-12-cyberattaques-les-clients-de-boulanger-cultura-truffaut-victimes-dune-fuite-de-donnees/
- usine-digitale.frhttps://www.usine-digitale.fr/article/cybersecurite-boulanger-victime-d-une-fuite-de-donnees-des-millions-de-francais-concernes.N2218196