Skip to content
Data breachUnknown

Leak at Electro Dépôt

Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.

Victim
Electro Dépôt

On 20 December 2024, Electro Dépôt — a French big-box electronics and home-appliance retailer — was named among the victims of a large compilation of leaked French consumer data. Customer records attributed to the company appeared as one component of a much larger cluster aggregating data from multiple separate breaches.

The data was uncovered by researchers who found an unsecured, misconfigured Elasticsearch server left open online by an unknown actor who appeared to be hoarding personal information harvested from French data breaches. The Electro Dépôt records formed one of at least 17 distinct breach sets in that database, alongside data attributed to other French and international brands such as Darty, Go-Sport, Intersport, LDLC, SFR and Sport 2000.

Across the affected sets, the exposed fields commonly included:

  • Full names
  • Email addresses
  • Phone numbers
  • Postal addresses
  • IP addresses
  • Partial payment-card information

The consolidated database held more than 95 million records in total — exceeding the population of France — though that figure covers all 17 breaches combined, not Electro Dépôt alone. The exact number of Electro Dépôt customers affected has not been independently confirmed, and the company has not published a specific statement tied to this disclosure. The status of any notification or regulatory follow-up remains unclear.

Sources

  1. cybernews.comhttps://cybernews.com/security/french-records-exposed-by-mysterious-data-hoarder/
  2. oodaloop.comhttps://oodaloop.com/briefs/cyber/over-90-million-french-records-exposed-mysterious-data-hoarder-leaves-instances-open/

Related incidents

Data breachUnknown

Leak at Go Sport

In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

Victim
Go Sport
Data breachResolved

Data leak at Sport 2000

Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

Victim
Sport 2000
Records
4.4M
Data breachContained

Data leak at Top Achat

On 12 December 2024, French PC-hardware e-tailer Top Achat (LDLC group) disclosed a breach exposing customer names, email and postal addresses; no passwords or payment data were affected. The intrusion was linked to an earlier compromise at parent company LDLC.

Victim
Top Achat
Data breachOngoing

Leak at LDLC

On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.

Victim
LDLC