Article Details

Auchan retailer data breach impacts hundreds of thousands of customers. French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. The company is sending data breach notifications to customers affected by the incident. "We are writing to inform you that Auchan has been the victim of a cyberattack. This attack resulted in unauthorized access to certain personal data associated with your loyalty account," reads the retailer's notification. According to the sample of the notice, the data exposed in the attack includes full names, title and client status, postal address, email address, phone number, and loyalty card number. The retailer underlines that bank data, passwords, and PIN numbers have not been impacted. In a statement for French media, a company representative said that data belonging to "several hundred thousand" of its customers was exposed containing the incident. Auchan is a French multinational retail group operating over 2,100 branches across 13 countries in Europe and Africa. The chain employs 154,000 people and has an annual revenue of over $35 billion. The company said it has notified the French Data Protection Authority (CNIL) about the data breach. In the meantime, Auchan advises letter recipients to remain vigilant for potential phishing attacks leveraging the stolen information. "We remind you that Auchan will never ask you (whether by email, SMS, or phone) for your login details, passwords, or loyalty card PIN code," warned Auchan. "If you receive such a message, do not click on any link, do not call the indicated number, and ignore the information it contains, as it is most likely a phishing attempt." BleepingComputer contacted Auchan several days ago to request more information about the attack, but the company has not provided a reply. The data breach at Auchan comes shortly after similar disclosures made by other large entities in France, including Air France and KLM, Orange, and Bouygues Telecom, some of which were linked to ShinyHunters' attacks on Salesforce. At this time, there's no evidence linking these attacks or suggesting a coordinated campaign targeting large businesses in the country. Picus Blue Report 2025 is Here: 2X increase in password cracking 46% of environments had passwords cracked, nearly doubling from 25% last year. Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.