Skip to content
Data breachContained

Data leak at Westfield Club - customer information exposed

In February 2026, Unibail-Rodamco-Westfield disclosed unauthorised access to a database holding Westfield Club loyalty members' and newsletter subscribers' names, email addresses, phone numbers, postcodes and dates of birth; no financial data or passwords were exposed.

Victim
Westfield Club

On 27 February 2026, Westfield Club β€” the loyalty and newsletter programme run by shopping-centre giant Unibail-Rodamco-Westfield (URW) across its Westfield malls β€” began notifying customers by email of a data breach affecting their personal information.

URW detected unauthorised access to one of its IT systems in mid-February 2026 and determined that an outside party had reached a database containing details of Westfield Club loyalty members and newsletter subscribers. The company says it contained the incident as soon as it was discovered, launched an investigation and notified the relevant data protection authorities.

The exposed records were limited to contact and identity details:

  • Full names
  • Email addresses
  • Phone numbers
  • Postcodes
  • Dates of birth

URW emphasised that no financial information β€” bank account numbers or payment card data β€” and no account passwords were involved. There is no evidence so far that the data has been misused, but affected customers were warned to stay alert for phishing attempts and reminded that the company never asks for card numbers or passwords by email, phone or SMS.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-27-westfield-club
  2. retaildetail.euhttps://www.retaildetail.eu/news/general/largest-shopping-center-in-the-netherlands-affected-by-data-breach/
  3. eastvillagehub.co.ukhttps://eastvillagehub.co.uk/updates/news/article/westfield-loyalty-club-members-warned-after-data-breach/

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K