Skip to content
Data breachContained

Leak at Carrefour Mobile

In April 2025, Carrefour Mobile, the Belgian MVNO of the Carrefour retail group, suffered a data breach exposing personal data of about 64,000 customers, including names, contact details, home addresses, portal passwords and, for some, passport numbers.

Victim
Carrefour Mobile
records
64.0K

On 24 April 2025, Carrefour Mobile β€” the Belgian mobile virtual network operator (MVNO) run by the Carrefour retail group β€” confirmed a data breach that exposed the personal information of roughly 64,000 customers. A file containing the data was found circulating online, and the operator notified affected customers and the data protection authorities.

Carrefour attributed the incident to a compromise affecting Carrefour Mobile and stated that no banking or payment data was involved. The exact cause was placed under investigation by an external cybersecurity firm, with reporting pointing to a breach reaching customer portal and subscriber records; the leak mainly affected Belgian (and some Italian) customers, as Carrefour Mobile no longer operates in France.

Exposed data categories reported across sources include:

  • Names and dates of birth
  • Phone numbers and email addresses
  • Home addresses
  • Customer portal passwords and security-question answers
  • Subscriber numbers and IMSI identifiers
  • Passport numbers (for customers who had provided them)

In response, Carrefour temporarily closed the Carrefour Mobile customer portal for maintenance, reset user accounts as a precaution, and required customers to set a new password once the portal reopened. The company stressed that the incident was limited to Carrefour Mobile and did not affect the chain's other services, and that mobile service continued to function normally.

Sources

  1. gondola.behttps://www.gondola.be/fr/news/64000-clients-de-carrefour-mobile-victimes-dune-fuite-de-donnees
  2. zataz.comhttps://www.zataz.com/fuite-massive-chez-carrefour-mobile-des-milliers-de-donnees-personnelles-en-danger/
  3. retaildetail.behttps://www.retaildetail.be/fr/news/general/fuite-de-donnees-chez-carrefour-mobile/

Related incidents

Data breachContained

Leak at Altitude Infra

Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

Victim
Altitude Infra
Data breachContained

Leak at Red by SFR

In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

Victim
Red by SFR
Data breachContained

Leak at Eurofiber

In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

Victim
Eurofiber
Data breachUnknown

Data leak at Syma Mobile

In September 2025, a database of 117,963 Syma Mobile customers β€” exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details β€” was put up for sale on a dark-web forum alongside other French datasets.

Victim
Syma Mobile
Records
118.0K