Leak at Intersport
In March 2025, French sporting-goods retailer Intersport had data on roughly 3.4 million customers stolen via a compromised FTP server and put up for sale on BreachForums, exposing names, contact details, addresses, PayPal references and transaction history (no banking credentials).
- Victim
- Intersport
- records
- 3.4M
On 20 March 2025, Intersport β the French arm of the international sporting-goods retail group β was reported to have suffered a large customer data breach after a database surfaced for sale on the BreachForums cybercrime marketplace. The records were first detected in mid-March, with the underlying data dating back to December 2024. According to security monitor ZATAZ, the breach stemmed from access to an Intersport FTP server, reportedly tied to FTP credentials that had been sold on underground markets in late 2024.
The leaked database covered roughly 3.4 million customers (the seller cited 3,388,826 records). The attacker initially listed the data for about $2,500 on the forum, later dropping the asking price to around $1,000 in cryptocurrency.
Exposed data categories included:
- First and last names
- Email addresses, phone numbers
- Postal / delivery and billing addresses
- Customer support messages and user IDs
- PayPal references and transaction details (transaction and invoice numbers, amounts, dates, loyalty card numbers)
Intersport stated that no banking credentials or account passwords were compromised, but the exposed personal and transactional information carries a real risk of phishing and identity theft. The company advised customers to remain alert to fraudulent emails and reset their passwords, and said it had reinforced its security measures in response. This was one of several security incidents to affect Intersport entities in recent years.
Sources
- zataz.comhttps://www.zataz.com/fuite-de-donnees-chez-intersport-ce-que-les-clients-doivent-savoir/
- stroople.comhttps://www.stroople.com/data-breach-observatory/data-breach-intersport-2025/