Leak at Côté Sushi
In March 2025, French sushi-delivery chain Côté Sushi had the personal data of roughly 1.1 million customers — names, dates of birth, emails and phone numbers — scraped from its loyalty/delivery database and offered for sale on a cybercrime forum.
- Victim
- Côté Sushi
- records
- 1.1M
On 4 March 2025, Côté Sushi — a French sushi-delivery and restaurant chain — was reported to have suffered a data breach exposing the personal information of about 1.1 million customers, with the dataset advertised for sale on a cybercrime forum.
The exposed records were extracted from what appears to be the chain's loyalty and delivery customer registry. According to the listing, the data was harvested through scraping, likely via a SQL-injection flaw or a compromised administrative API. The seller offered the file to a single buyer to keep the dataset exclusive.
Exposed data categories included:
- First and last names
- Dates of birth
- Email addresses
- Mobile phone numbers (mostly French +33 numbers)
The dataset is reported to contain 1,101,303 individual records. The combination of names, dates of birth, emails and phone numbers leaves affected customers exposed to targeted phishing, smishing and identity-fraud attempts. As of the disclosure, the data was circulating on the criminal market and the incident remained ongoing.
Sources
- brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-1-1-million-records-of-cote-sushi-on-sale/
- x.comhttps://x.com/DailyDarkWeb/status/2030961074279768118
- x.comhttps://x.com/_SaxX_/status/1900491274882371796