Skip to content
Supply chainUnknown

La Redoute: a logistics database of 96,000 customers tied to deliveries leaked

On 4 May 2026 a hacker using the alias Lagui published a database of roughly 96,000 La Redoute customers — names, postal addresses, phone numbers, emails and order/delivery histories — that the retailer traced to a January 2026 breach at its logistics partner Relais Colis.

Victim
La Redoute
records
96.0K

On 4 May 2026, La Redoute — the French mail-order and e-commerce retailer — was named in a fresh data leak after a threat actor using the alias Lagui posted online a database of roughly 96,000 customers built around the retailer's shipping and delivery operations. The actor described the dataset as the product of automated scraping across delivery-related interfaces rather than a direct intrusion into La Redoute's core systems.

La Redoute pushed back on the framing of a direct breach, stating that the exposed records in fact originate from a January 2026 security incident at its logistics partner Relais Colis. Relais Colis confirmed in mid-January 2026 that it had been compromised through one of its own subcontractors, exposing personal data on a large scale; the La Redoute delivery records now circulating appear to be a subset attributable to that upstream, third-party compromise.

The exposed data reportedly includes:

  • Full names
  • Complete postal addresses
  • Phone numbers
  • Email addresses
  • Order and shipment numbers
  • Delivery and return histories

No banking details, passwords or payment information were reported as part of the dataset. While each field is routine for a delivery operation, the combination is highly useful for targeted phishing, fake-parcel and courier scams, and identity fraud. At the time of reporting La Redoute had not issued a full public confirmation, and the status of any regulatory notification or remediation remains unclear.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/la-redoute-une-base-logistique-de-96-000-clients-liees-aux-livraisons-en-fuite/
  2. cnews.frhttps://www.cnews.fr/vie-numerique/2026-01-16/un-risque-dexplosion-des-arnaques-la-livraison-relais-colis-confirme-avoir
  3. generation-nt.comhttps://www.generation-nt.com/actualites/relais-colis-cyberattaque-donnees-personnelles-piratage-phishing-2069228

Related incidents

Supply chainContained

Leak at Jeu Jouet

French online toy retailer JeuJouet.com warned customers in April 2026 that its Magento e-commerce platform was compromised in a mass exploitation campaign, potentially exposing names, email addresses, account credentials and order data; no banking details were affected.

Victim
Jeu Jouet
Supply chainOngoing

10,816 Canada Goose customers in a data leak

French customers of luxury outerwear brand Canada Goose were caught up in a data leak by the ShinyHunters extortion group, with 10,816 records in the France-related subset of a broader corpus of roughly 600,000 customer records traced to a third-party payment processor.

Victim
Canada Goose
Records
10.8K
Supply chainOngoing

Leak at Grain de Malice (via Socloz)

Customer data of French womenswear retailer Grain de Malice was exposed in February 2026 through a breach of its omnichannel retail provider Socloz, leaking names, email addresses and phone numbers as part of a dataset of up to ~31 million records.

Victim
Grain de Malice