Moulin Roty: customer data exposed after a cyberattack
On 18 April 2026 French toy and baby-goods brand Moulin Roty emailed customers to warn that a cyberattack on its shared Magento e-commerce platform may have exposed identity, contact, account-login, purchase-history and marketing data, though no compromise was confirmed and banking details were not affected.
- Victim
- Moulin Roty
On 18 April 2026, Moulin Roty β a well-known French maker of toys and baby and children's goods β emailed its customers to warn them of a cyberattack affecting its online store (moulinroty-maboutique.com). The incident stemmed from a compromise of the shared Magento e-commerce platform on which the site runs, part of a wider wave of attacks against Magento merchants in which threat actors planted backdoors and skimmers across many shops at once β a domino effect impacting numerous retailers simultaneously.
Moulin Roty stated that it had no element confirming with certainty that personal data had been compromised, but that the risk could not be entirely ruled out. The data categories potentially at risk for affected accounts were:
- Identity details (first name, last name)
- Contact details (email address)
- Customer-account credentials (email/login)
- Purchase history
- Marketing preferences
The company stressed that banking and payment-card data were not affected. As a precaution it advised customers to change their passwords, watch for unusual account activity, and stay alert to phishing attempts, reminding them that it never asks for passwords or banking details by phone or messaging.
The number of affected customers was not disclosed. As of the company's 22 April update the investigation remained ongoing, and no confirmed data exfiltration had been published.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/moulin-roty-les-donnees-clients-exposes-apres-cyberattaque/
- frenchbreaches.comhttps://frenchbreaches.com/alertes/moulin-roty-mo48r43oxyvhpucthkk
- zataz.comhttps://www.zataz.com/saison-des-soldes-les-attaques-se-multiplient-un-tiers-des-sites-magento-attaques/