Leak at King Jouet
In February 2025, French toy retailer King Jouet was hit by a breach of its online order-tracking interface; a hacker claimed 4.3 million records, but the company said fewer than 25,000 customers across two stores had names, contact details and order information exposed.
- Victim
- King Jouet
On the night of 8β9 February 2025, King Jouet β a French toy and games retailer β was targeted by a cyberattack that exposed personal data of its online customers. A threat actor claimed on a cybercrime forum to have stolen a database of around 4.3 million accounts and offered it for sale for a token sum.
King Jouet confirmed the intrusion but contested the scale. According to the company, the attack hit the online order-tracking interface for just two of its stores and affected fewer than 25,000 customers. No payment or banking data was compromised. Security researchers noted the same actor may have inflated the scope of other supposed breaches around the same period.
The exposed data was limited to personal contact and order details:
- First and last name
- Email address
- Phone number
- Postal address
- Order details
King Jouet said it took the urgent remedial steps: it notified the French data protection authority (CNIL), filed a criminal complaint, secured the affected systems, and informed the customers concerned.
Sources
- zataz.comhttps://www.zataz.com/un-piratage-dampleur-frappe-king-jouet-plus-de-4-millions-de-donnees-compromises/
- clubic.comhttps://www.clubic.com/actualite-553575-king-jouet-a-ete-piratee-l-enseigne-et-le-hacker-se-livrent-a-une-bataille-des-chiffres-digne-d-une-manifestation.html