Skip to content
Data breachContained

Leak at Optic 2000

In early August 2025, French optician chain Optic 2000 was hit by a cyberattack — confirmed on 30 July 2025 and affecting four stores around Paris — that exposed customer records including names, social security numbers, dates of birth, postal addresses, phone numbers and optician details.

Victim
Optic 2000

On 8 August 2025, Optic 2000 — one of France's largest optician chains — was reported as the victim of a data breach affecting its customers. The group confirmed it had been targeted by a cyberattack on 30 July 2025, with four stores in the Paris area implicated: Paris, Nanterre, Houilles and Courbevoie.

The exposed data concerned customers of the affected stores and combined identity, contact and health-related fields, making the records especially sensitive given that they included social security numbers tied to optical care.

Categories of data reported as exposed:

  • Title, last name and first name
  • Social security number
  • Date of birth
  • Postal address
  • Customer number
  • Phone number
  • Store concerned and the name of the treating optician

As an optician handling vision-care and reimbursement information, Optic 2000 manages personal data that overlaps with health records, raising the stakes of the exposure. The chain acknowledged the incident and scoped it to the four stores involved. This event is distinct from a separate, later breach of Optic 2000 franchisee invoice data in 2026, and the two should not be conflated.

Sources

  1. illicium.iohttps://illicium.io/cert/bulletins/ICB-2025-8004
  2. futura-sciences.comhttps://www.futura-sciences.com/tech/actualites/cybersecurite-optic-2000-auchan-optique-atol-lunetiers-francais-cibles-cyberattaque-precedent-134800/
  3. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Optic%202000-2025-08-08

Related incidents

Data breachContained

Leak at Médecin Direct

MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

Victim
Médecin Direct
Data breachContained

Leak at Itelis

In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

Victim
Itelis
Data breachContained

Data leak at Weda

On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

Victim
Weda