Skip to content
Data breachContained

Leak at Intersport

In March 2025, French sporting-goods retailer Intersport had data on roughly 3.4 million customers stolen via a compromised FTP server and put up for sale on BreachForums, exposing names, contact details, addresses, PayPal references and transaction history (no banking credentials).

Victim
Intersport
records
3.4M

On 20 March 2025, Intersport β€” the French arm of the international sporting-goods retail group β€” was reported to have suffered a large customer data breach after a database surfaced for sale on the BreachForums cybercrime marketplace. The records were first detected in mid-March, with the underlying data dating back to December 2024. According to security monitor ZATAZ, the breach stemmed from access to an Intersport FTP server, reportedly tied to FTP credentials that had been sold on underground markets in late 2024.

The leaked database covered roughly 3.4 million customers (the seller cited 3,388,826 records). The attacker initially listed the data for about $2,500 on the forum, later dropping the asking price to around $1,000 in cryptocurrency.

Exposed data categories included:

  • First and last names
  • Email addresses, phone numbers
  • Postal / delivery and billing addresses
  • Customer support messages and user IDs
  • PayPal references and transaction details (transaction and invoice numbers, amounts, dates, loyalty card numbers)

Intersport stated that no banking credentials or account passwords were compromised, but the exposed personal and transactional information carries a real risk of phishing and identity theft. The company advised customers to remain alert to fraudulent emails and reset their passwords, and said it had reinforced its security measures in response. This was one of several security incidents to affect Intersport entities in recent years.

Sources

  1. zataz.comhttps://www.zataz.com/fuite-de-donnees-chez-intersport-ce-que-les-clients-doivent-savoir/
  2. stroople.comhttps://www.stroople.com/data-breach-observatory/data-breach-intersport-2025/

Related incidents

Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data β€” names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik