Leroy Merlin: more than 367,000 customers exposed in a leak linked to the Leroy&moi program
On May 6, 2026, a threat actor using the alias Lagui posted a database of 367,462 Leroy Merlin France loyalty-program customers — names, dates of birth, contact details, postal addresses and account data — said to have been harvested by automated scraping of the Leroy&moi platform.
- Victim
- Leroy Merlin
- records
- 367.5K
On 6 May 2026, Leroy Merlin — the French DIY and home-improvement retail chain — was exposed when a threat actor using the alias Lagui published a customer database on a cybercrime forum, complete with a sample of records to prove its authenticity. The dataset was attributed to the retailer's Leroy&moi loyalty program rather than to its full systems.
According to the attacker, the data was not the result of a system intrusion but of automated web scraping carried out over several weeks against the Leroy&moi loyalty platform, exploiting weak protections against automated requests. The leak covers 367,462 complete customer profiles.
The exposed data reportedly includes:
- Full names and dates of birth
- Email addresses and phone numbers
- Postal addresses
- Loyalty-program details, account status and login history
- Additional personal information such as marital status and number of children
Leroy Merlin stated that no financial or banking data and no account passwords were compromised. The company said its security teams acted quickly to block unauthorized access once the activity was detected and took measures to prevent further leakage while continuing to monitor its systems. The primary residual risk for affected customers is heightened phishing and social-engineering activity, including loyalty-themed scams and identity-theft attempts.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/leroy-merlin-plus-de-367-000-clients-exposes-dans-une-fuite-liee-au-programme-leroymoi/
- solutions-numeriques.comhttps://www.solutions-numeriques.com/fuite-de-donnees-chez-leroy-merlin-apres-une-cyberattaque/
- linformaticien.comhttps://www.linformaticien.com/magazine/cybersecurite/64209-leroy-merlin-cible-d-une-cyberattaque-des-donnees-clients-exposees.html
- bitdefender.comhttps://www.bitdefender.com/fr-fr/blog/hotforsecurity/alerte-leroy-merlin-une-cyberattaque-expose-des-donnees-personnelles