Skip to content
Data breachContained

Leak at LDLC

In early March 2024, French electronics retailer LDLC confirmed a data breach affecting roughly 1.5 million in-store customers, exposing names, postal addresses, email addresses and phone numbers, though no banking or sensitive data.

Victim
LDLC
records
1.5M

On 1 March 2024, LDLC — a major French online and high-street retailer of computer hardware and electronics — confirmed that it had suffered a cyberattack resulting in the theft of personal data belonging to roughly 1.5 million customers. The leak was first spotted on cybercrime forums in late February 2024, where an attacker offered access to the database before publishing the full dataset.

According to LDLC, the breach affected customers of its physical stores (more than 80 outlets across France); buyers on the group's e-commerce sites were not impacted. The stolen records contained contact and identity details but, per the company, no banking or otherwise sensitive financial data.

Exposed data categories:

  • Last and first names
  • Postal addresses
  • Email addresses
  • Phone numbers

The threat actor claimed to have stolen data on 1.5 million customers and said LDLC declined to negotiate despite threats to resell the information. LDLC stated it immediately reinforced its protective measures, worked to limit the consequences, and launched an investigation into the origin of the incident.

Sources

  1. 01net.comhttps://www.01net.com/actualites/les-donnees-de-15-million-de-clients-ldlc-ont-ete-piratees.html
  2. groupe-ldlc.comhttps://www.groupe-ldlc.com/information-relative-a-un-incident-de-cybersecurite-2/
  3. zataz.comhttps://www.zataz.com/fuite-de-donnees-chez-ldlc/
  4. macg.cohttps://www.macg.co/ailleurs/2024/03/le-groupe-ldlc-victime-dune-fuite-de-donnees-142489

Related incidents

Data breachOngoing

Leak at LDLC

On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.

Victim
LDLC
Data breachUnknown

Leak at Electro Dépôt

Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.

Victim
Electro Dépôt
Data breachUnknown

Leak at Go Sport

In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

Victim
Go Sport
Data breachResolved

Data leak at Sport 2000

Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

Victim
Sport 2000
Records
4.4M