Popular French retailers confirm hackers stole customer data

Avatar

Several well-known French retail brands reported having data stolen by a cyberattack late last week.

The targets include Boulanger, which specializes in electronics and home appliances, and the retailer Cultura. Several French media outlets reported the list of victims could be even longer.

Boulanger said in a statement on Sunday that hackers accessed customers’ delivery addresses but no banking data was leaked.

The company said the incident had been contained and that all affected customers had been notified. 

“Our websites and mobile applications are operating normally and securely, with enhanced vigilance,” Boulanger added.

On Friday, a threat actor using the nickname “horrormar44” claimed responsibility for the attack on Boulanger, claiming they had obtained all customer data from the store, including names, addresses, phone numbers, emails, and notes.

The hacker also published a sample of the allegedly stolen data on the BreachForums website. There was no mention of the attack’s objective or whether the threat actor had demanded a ransom.

According to local media reports, Cultura, which has 110 stores in France, also fell victim to a cyberattack. The company said that one of its external IT service providers “was the victim of a malicious intrusion into its database as part of an attack that targeted several stores.”

In a statement shared with local media and customers, Cultura said that hackers stole data from 1.5 million of its customers, including their names, phone numbers, email and postal addresses, as well as the contents of their orders. The brand claimed that passwords and banking data had not been compromised.

Cultura also said the vulnerability allowing the hacker access had been identified and corrective measures were implemented, without providing further details. The company has filed a complaint with local authorities.

Other brands potentially targeted include Truffaut, which specializes in gardening, plants, pets, and home decor, as well as Pepe Jeans, a clothing brand.

All of the data published by the threat actor appeared to come from databases used by a subcontractor responsible for delivery, according to a report by Le Monde, with the published sample including a column with notes on parking near delivery addresses. 

Boulanger and Cultura had not replied to Recorded Future News’ request for comment at the time of publication.

NewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

Next Post

Japanese media giant investigating another reported data leak by BlackSuit hackers

Related Posts

SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast, and Unisys – are being penalized for how they handled the disclosure process in the aftermath of
Avatar
Read More