Leak at LDLC
In early March 2024, French electronics retailer LDLC confirmed a data breach affecting roughly 1.5 million in-store customers, exposing names, postal addresses, email addresses and phone numbers, though no banking or sensitive data.
- Victim
- LDLC
- records
- 1.5M
On 1 March 2024, LDLC — a major French online and high-street retailer of computer hardware and electronics — confirmed that it had suffered a cyberattack resulting in the theft of personal data belonging to roughly 1.5 million customers. The leak was first spotted on cybercrime forums in late February 2024, where an attacker offered access to the database before publishing the full dataset.
According to LDLC, the breach affected customers of its physical stores (more than 80 outlets across France); buyers on the group's e-commerce sites were not impacted. The stolen records contained contact and identity details but, per the company, no banking or otherwise sensitive financial data.
Exposed data categories:
- Last and first names
- Postal addresses
- Email addresses
- Phone numbers
The threat actor claimed to have stolen data on 1.5 million customers and said LDLC declined to negotiate despite threats to resell the information. LDLC stated it immediately reinforced its protective measures, worked to limit the consequences, and launched an investigation into the origin of the incident.
Sources
- 01net.comhttps://www.01net.com/actualites/les-donnees-de-15-million-de-clients-ldlc-ont-ete-piratees.html
- groupe-ldlc.comhttps://www.groupe-ldlc.com/information-relative-a-un-incident-de-cybersecurite-2/
- zataz.comhttps://www.zataz.com/fuite-de-donnees-chez-ldlc/
- macg.cohttps://www.macg.co/ailleurs/2024/03/le-groupe-ldlc-victime-dune-fuite-de-donnees-142489