Leak at Cultura
On 10 September 2024, French cultural-goods retailer Cultura disclosed that a breach at a shared third-party IT provider exposed the personal data of about 1.5 million customers, including names, contact details and order history; passwords and bank data were not affected.
- Victim
- Cultura
- records
- 1.5M
On 10 September 2024, Cultura β a major French retailer of cultural, creative and leisure goods β disclosed a data breach affecting roughly 1.5 million customers. The compromise did not originate inside Cultura's own systems but at a shared external IT service provider used by several retail brands operating online stores.
The intrusion at the provider's database occurred during the same early-September wave of attacks that also hit Boulanger; other brands such as Pepe Jeans, GrosBill and CyberTek were reported among the suspected victims of the same vendor compromise. Cultura said it identified and fixed the underlying vulnerability after being alerted.
The exposed data included:
- First and last name
- Customer identifier
- Email address and postal address
- Mobile/phone number
- Order and purchase history
According to Cultura, passwords and banking details were not compromised. The company notified France's data protection regulator (CNIL), filed a criminal complaint, and emailed affected customers individually, warning them to be alert to phishing attempts using the leaked contact information.
Sources
- next.inkhttps://next.ink/149551/boulanger-cultura-diviamobilites-les-fuites-de-donnees-se-multiplient/
- franceinfo.frhttps://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/cultura-victime-d-une-cyberattaque-les-donnees-de-1-5-million-de-clients-derobees_6774133.html
- lebigdata.frhttps://www.lebigdata.fr/cultura-donnees-d-15-million-de-clients-volees