Leak at Easy Cash
In April 2025, French second-hand retail chain Easy Cash disclosed a breach exposing the names, first names and dates of birth of around 92,000 customers, traced to a compromised in-store workstation.
- Victim
- Easy Cash
- records
- 92.0K
On 22 April 2025, Easy Cash β a French buy-and-sell chain of around 150 stores specialising in second-hand goods β notified its customers of a data breach affecting roughly 92,000 people. The company described a localised cybersecurity incident originating on a single in-store workstation, which attackers used as an entry point to reach customer records.
According to Easy Cash, the exposure was limited in scope. The retailer stressed that no banking data, no passwords and no credentials allowing access to Easy Cash accounts were compromised, and that no fraudulent use of the stolen data had been detected at the time of disclosure.
The exposed data was limited to:
- First name and last name
- Date of birth
Easy Cash notified affected customers (via SMS/email), advised them to change their account passwords as a precaution, alerted the relevant authorities, and engaged cybersecurity firm Orange Cyberdefense to investigate. The incident appears to have been contained to the compromised workstation and the limited dataset described above; a separate, much larger leak attributed to Easy Cash surfaced later and is a distinct event.
Sources
- next.inkhttps://next.ink/brief_article/easy-cash-victime-dun-vol-de-donnees-92-000-clients-concernes/
- clubic.comhttps://www.clubic.com/actualite-563148-l-enseigne-easy-cash-victime-d-une-cyberattaque-les-donnees-de-92-000-clients-dans-la-nature.html
- usine-digitale.frhttps://www.usine-digitale.fr/article/le-reseau-d-achat-revente-easy-cash-previent-ses-clients-d-une-fuite-de-donnees.N2231075