Leak at Murfy
In November 2025, French home-appliance repair and refurbishment company Murfy disclosed a data breach exposing the personal data of around 294,000 customers — names, email and postal addresses, phone numbers and service-history details — but no banking data or passwords.
- Victim
- Murfy
- records
- 294.1K
On 21 November 2025, Murfy — a French company specialising in the repair, refurbishment and resale of household appliances — was confirmed as the victim of a data breach after a customer database surfaced for sale on a dark-web forum. Murfy said it had identified and stopped the fraudulent intrusion on 9 November 2025, and that an attacker had gained unauthorised access to certain customer data.
The exposed dataset covered roughly 294,000 customers and combined standard personal identifiers with Murfy's internal service and payment-related metadata. According to the company and the leak listing, no banking data and no passwords were compromised — card payments are handled exclusively by Murfy's banking provider.
Exposed data categories included:
- First and last name
- Email address
- Postal address
- Phone number
- Account balance and payment-related flags (e.g. stored-card indicators, amounts paid)
- Exchanged messages, comments and reason for visit
- Assigned technician and repair history
Murfy secured its systems, notified the French data protection authority (CNIL), filed a criminal complaint and warned customers to be wary of phishing and fraudulent messages exploiting the leaked data, stressing that it would only ever contact them from its official domains. The incident is considered contained.
Sources
- murfy.frhttps://murfy.fr/information-violation-donnees
- stroople.comhttps://www.stroople.com/data-breach-observatory/data-breach-murfy-2025/
- botcrawl.comhttps://botcrawl.com/murfy-france-data-breach/
- brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-the-alleged-database-of-murfy-france-is-leaked/