Skip to content
Data breachContained

Data leak at Magasins U - unspecified volume

In April 2026, French retail cooperative Magasins U notified loyalty-card holders that unauthorized access to its magasins-u.com customer area exposed personal data including names, contact details and loyalty-card numbers, though banking data was not affected.

Victim
Magasins U

On 21 April 2026, Magasins U β€” the French retail cooperative behind the Super U, Hyper U and U Express supermarket brands β€” began notifying loyalty-card holders by email that their customer accounts on the magasins-u.com portal had been compromised. The retailer disclosed the breach publicly around 22 April and reported it to the French data-protection authority (CNIL) within the GDPR's 72-hour window.

The intrusion targeted customers' online loyalty accounts. While the cooperative did not detail the exact mechanism, it said it detected suspicious activity on the portal and reinforced its protections β€” including enhanced anti-bot defenses β€” consistent with an automated attack against the customer login area rather than a deep compromise of internal systems.

The exposed data covered loyalty-account profile information:

  • Title/salutation and customer status
  • First and last name
  • Email and postal address
  • Phone number
  • Loyalty card number

Magasins U stated that banking and payment data were not affected. As a precaution it urged customers to change their account passwords (via the "forgot password" feature) and their loyalty-card PIN codes, and warned that the leaked contact details could be reused in phishing and spear-phishing campaigns. The number of affected customers was not disclosed.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-04-21-magasins-u
  2. boursorama.comhttps://www.boursorama.com/budget/conso/actualites/magasins-u-les-comptes-fidelite-pirates-l-enseigne-invite-ses-clients-a-changer-leurs-mots-de-passe-f3c3bba7bf38531e8f8584f71ef84f32
  3. generation-nt.comhttps://www.generation-nt.com/actualites/cyberattaque-super-u-donnees-personnelles-fuite-phishing-2074508

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K