Skip to content
Data breachContained

Leroy Merlin: more than 367,000 customers exposed in a leak linked to the Leroy&moi program

On May 6, 2026, a threat actor using the alias Lagui posted a database of 367,462 Leroy Merlin France loyalty-program customers — names, dates of birth, contact details, postal addresses and account data — said to have been harvested by automated scraping of the Leroy&moi platform.

Victim
Leroy Merlin
records
367.5K

On 6 May 2026, Leroy Merlin — the French DIY and home-improvement retail chain — was exposed when a threat actor using the alias Lagui published a customer database on a cybercrime forum, complete with a sample of records to prove its authenticity. The dataset was attributed to the retailer's Leroy&moi loyalty program rather than to its full systems.

According to the attacker, the data was not the result of a system intrusion but of automated web scraping carried out over several weeks against the Leroy&moi loyalty platform, exploiting weak protections against automated requests. The leak covers 367,462 complete customer profiles.

The exposed data reportedly includes:

  • Full names and dates of birth
  • Email addresses and phone numbers
  • Postal addresses
  • Loyalty-program details, account status and login history
  • Additional personal information such as marital status and number of children

Leroy Merlin stated that no financial or banking data and no account passwords were compromised. The company said its security teams acted quickly to block unauthorized access once the activity was detected and took measures to prevent further leakage while continuing to monitor its systems. The primary residual risk for affected customers is heightened phishing and social-engineering activity, including loyalty-themed scams and identity-theft attempts.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/leroy-merlin-plus-de-367-000-clients-exposes-dans-une-fuite-liee-au-programme-leroymoi/
  2. solutions-numeriques.comhttps://www.solutions-numeriques.com/fuite-de-donnees-chez-leroy-merlin-apres-une-cyberattaque/
  3. linformaticien.comhttps://www.linformaticien.com/magazine/cybersecurite/64209-leroy-merlin-cible-d-une-cyberattaque-des-donnees-clients-exposees.html
  4. bitdefender.comhttps://www.bitdefender.com/fr-fr/blog/hotforsecurity/alerte-leroy-merlin-une-cyberattaque-expose-des-donnees-personnelles

Related incidents

Data breachContained

Leak at Leroy Merlin

In December 2025, French DIY retailer Leroy Merlin disclosed a cyberattack that exposed the loyalty-program data of several hundred thousand French customers, including names, contact details, postal addresses and dates of birth; no banking data or passwords were affected.

Victim
Leroy Merlin
Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K