Skip to content
Data breachContained

Leak at Easy Cash

In April 2025, French second-hand retail chain Easy Cash disclosed a breach exposing the names, first names and dates of birth of around 92,000 customers, traced to a compromised in-store workstation.

Victim
Easy Cash
records
92.0K

On 22 April 2025, Easy Cash β€” a French buy-and-sell chain of around 150 stores specialising in second-hand goods β€” notified its customers of a data breach affecting roughly 92,000 people. The company described a localised cybersecurity incident originating on a single in-store workstation, which attackers used as an entry point to reach customer records.

According to Easy Cash, the exposure was limited in scope. The retailer stressed that no banking data, no passwords and no credentials allowing access to Easy Cash accounts were compromised, and that no fraudulent use of the stolen data had been detected at the time of disclosure.

The exposed data was limited to:

  • First name and last name
  • Date of birth

Easy Cash notified affected customers (via SMS/email), advised them to change their account passwords as a precaution, alerted the relevant authorities, and engaged cybersecurity firm Orange Cyberdefense to investigate. The incident appears to have been contained to the compromised workstation and the limited dataset described above; a separate, much larger leak attributed to Easy Cash surfaced later and is a distinct event.

Sources

  1. next.inkhttps://next.ink/brief_article/easy-cash-victime-dun-vol-de-donnees-92-000-clients-concernes/
  2. clubic.comhttps://www.clubic.com/actualite-563148-l-enseigne-easy-cash-victime-d-une-cyberattaque-les-donnees-de-92-000-clients-dans-la-nature.html
  3. usine-digitale.frhttps://www.usine-digitale.fr/article/le-reseau-d-achat-revente-easy-cash-previent-ses-clients-d-une-fuite-de-donnees.N2231075

Related incidents

Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data β€” names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik