Skip to content
Supply chainOngoing

Leak at Grain de Malice (via Socloz)

Customer data of French womenswear retailer Grain de Malice was exposed in February 2026 through a breach of its omnichannel retail provider Socloz, leaking names, email addresses and phone numbers as part of a dataset of up to ~31 million records.

Victim
Grain de Malice

On 13 February 2026, Grain de Malice β€” a French womenswear chain belonging to the Beaumanoir group β€” was named among the brands affected by a large-scale breach of Socloz, the omnichannel retail platform it uses for stock management and click-and-collect / ship-from-store reservations.

The incident was a supply-chain compromise: the threat actor group DumpSec claimed to have stolen a dataset of up to roughly 31 million records from Socloz's platform, affecting customers of more than 150 retail brands across France and Europe. Because the data sits with the shared provider, Grain de Malice did not need to be breached directly for its customers' details to be exposed.

For Grain de Malice customers, the leaked fields seen in samples include:

  • Last name and first name
  • Email address
  • Phone number

The dataset, also containing reservation and order details, was being offered for sale on a hacker forum (BreachForums) rather than released as a full public dump. As of the disclosure, neither Socloz nor the affected brands had issued a public statement, and the incident remained ongoing with the data circulating commercially.

Sources

  1. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-31-million-records-of-socloz-leaked/
  2. hacknotice.comhttps://hacknotice.com/2026/02/17/fr-socloz-apple-lacoste-nike/
  3. dcod.chhttps://dcod.ch/2026/02/05/fuites-de-donnees-les-11-incidents-majeurs-au-5-fev-2026/

Related incidents

Supply chainContained

Leak at Jeu Jouet

French online toy retailer JeuJouet.com warned customers in April 2026 that its Magento e-commerce platform was compromised in a mass exploitation campaign, potentially exposing names, email addresses, account credentials and order data; no banking details were affected.

Victim
Jeu Jouet