Skip to content
Data breachContained

Leak at Murfy

In November 2025, French home-appliance repair and refurbishment company Murfy disclosed a data breach exposing the personal data of around 294,000 customers — names, email and postal addresses, phone numbers and service-history details — but no banking data or passwords.

Victim
Murfy
records
294.1K

On 21 November 2025, Murfy — a French company specialising in the repair, refurbishment and resale of household appliances — was confirmed as the victim of a data breach after a customer database surfaced for sale on a dark-web forum. Murfy said it had identified and stopped the fraudulent intrusion on 9 November 2025, and that an attacker had gained unauthorised access to certain customer data.

The exposed dataset covered roughly 294,000 customers and combined standard personal identifiers with Murfy's internal service and payment-related metadata. According to the company and the leak listing, no banking data and no passwords were compromised — card payments are handled exclusively by Murfy's banking provider.

Exposed data categories included:

  • First and last name
  • Email address
  • Postal address
  • Phone number
  • Account balance and payment-related flags (e.g. stored-card indicators, amounts paid)
  • Exchanged messages, comments and reason for visit
  • Assigned technician and repair history

Murfy secured its systems, notified the French data protection authority (CNIL), filed a criminal complaint and warned customers to be wary of phishing and fraudulent messages exploiting the leaked data, stressing that it would only ever contact them from its official domains. The incident is considered contained.

Sources

  1. murfy.frhttps://murfy.fr/information-violation-donnees
  2. stroople.comhttps://www.stroople.com/data-breach-observatory/data-breach-murfy-2025/
  3. botcrawl.comhttps://botcrawl.com/murfy-france-data-breach/
  4. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-the-alleged-database-of-murfy-france-is-leaked/

Related incidents

Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik