Skip to content
Data breachOngoing

Moulin Roty: customer data exposed after a cyberattack

On 18 April 2026 French toy and baby-goods brand Moulin Roty emailed customers to warn that a cyberattack on its shared Magento e-commerce platform may have exposed identity, contact, account-login, purchase-history and marketing data, though no compromise was confirmed and banking details were not affected.

Victim
Moulin Roty

On 18 April 2026, Moulin Roty β€” a well-known French maker of toys and baby and children's goods β€” emailed its customers to warn them of a cyberattack affecting its online store (moulinroty-maboutique.com). The incident stemmed from a compromise of the shared Magento e-commerce platform on which the site runs, part of a wider wave of attacks against Magento merchants in which threat actors planted backdoors and skimmers across many shops at once β€” a domino effect impacting numerous retailers simultaneously.

Moulin Roty stated that it had no element confirming with certainty that personal data had been compromised, but that the risk could not be entirely ruled out. The data categories potentially at risk for affected accounts were:

  • Identity details (first name, last name)
  • Contact details (email address)
  • Customer-account credentials (email/login)
  • Purchase history
  • Marketing preferences

The company stressed that banking and payment-card data were not affected. As a precaution it advised customers to change their passwords, watch for unusual account activity, and stay alert to phishing attempts, reminding them that it never asks for passwords or banking details by phone or messaging.

The number of affected customers was not disclosed. As of the company's 22 April update the investigation remained ongoing, and no confirmed data exfiltration had been published.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/moulin-roty-les-donnees-clients-exposes-apres-cyberattaque/
  2. frenchbreaches.comhttps://frenchbreaches.com/alertes/moulin-roty-mo48r43oxyvhpucthkk
  3. zataz.comhttps://www.zataz.com/saison-des-soldes-les-attaques-se-multiplient-un-tiers-des-sites-magento-attaques/

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K