Data leak at Westfield Club - customer information exposed
In February 2026, Unibail-Rodamco-Westfield disclosed unauthorised access to a database holding Westfield Club loyalty members' and newsletter subscribers' names, email addresses, phone numbers, postcodes and dates of birth; no financial data or passwords were exposed.
- Victim
- Westfield Club
On 27 February 2026, Westfield Club β the loyalty and newsletter programme run by shopping-centre giant Unibail-Rodamco-Westfield (URW) across its Westfield malls β began notifying customers by email of a data breach affecting their personal information.
URW detected unauthorised access to one of its IT systems in mid-February 2026 and determined that an outside party had reached a database containing details of Westfield Club loyalty members and newsletter subscribers. The company says it contained the incident as soon as it was discovered, launched an investigation and notified the relevant data protection authorities.
The exposed records were limited to contact and identity details:
- Full names
- Email addresses
- Phone numbers
- Postcodes
- Dates of birth
URW emphasised that no financial information β bank account numbers or payment card data β and no account passwords were involved. There is no evidence so far that the data has been misused, but affected customers were warned to stay alert for phishing attempts and reminded that the company never asks for card numbers or passwords by email, phone or SMS.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-27-westfield-club
- retaildetail.euhttps://www.retaildetail.eu/news/general/largest-shopping-center-in-the-netherlands-affected-by-data-breach/
- eastvillagehub.co.ukhttps://eastvillagehub.co.uk/updates/news/article/westfield-loyalty-club-members-warned-after-data-breach/