Cetelem: customer email addresses exposed after a cyberattack
Cetelem, the consumer-credit brand of BNP Paribas Personal Finance, confirmed a cyberattack on 20 April 2026 that exposed the email addresses of several hundred thousand customers; the company says no passwords, banking or payment data were compromised.
- Victim
- Cetelem
On 20 April 2026, Cetelem β the consumer-credit and financing brand of BNP Paribas Personal Finance β suffered a cyberattack that compromised the email addresses of a portion of its customer base. The company disclosed the incident in early May, notifying affected customers and reporting the breach to the CNIL, France's data-protection regulator.
According to the company, the exposure was limited to email addresses. BNP Paribas Personal Finance stated that no other personal data was affected β specifically that passwords, banking details and payment information were not compromised. The breach is reported to have touched several hundred thousand accounts, out of a French customer base numbering in the millions; no exact figure has been published.
Data exposed:
- Customer email addresses
The technical cause and attack vector have not been disclosed publicly. Cetelem warned customers to be vigilant against phishing, as the leaked addresses can be used to craft convincing fraudulent messages impersonating the brand in an attempt to extract banking details, identity documents or login credentials.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/cetelem-les-adresses-email-des-clients-exposees-apres-une-cyberattaque/
- incyber.orghttps://incyber.org/article/cetelem-victime-fuite-donnees-centaines-milliers-adresses-e-mail-derobees/
- presse-citron.nethttps://www.presse-citron.net/cyberattaque-chez-cetelem-des-milliers-de-francais-cibles-etes-vous-concerne-par-la-fuite/