Leroy Merlin Confirms Data Breach Exposing Customer Information

Related

Order-Tracking App Shop Abused to Push Callback Phishing Attacks

What happened Threat actors are abusing Shop, Shopify’s order-tracking app,...

Polymarket Customers Lose $3 Million in Supply Chain Attack

What happened Polymarket said it will fully reimburse customers who...

Suspected Cyberattack Triggers False Emergency Alerts Across Brazil

What happened Brazil suspended its mobile phone emergency alert system...

Iranian Cyber Group Handala Claims Cal Water Hack

What happened Iran-linked threat actor Handala claimed it hacked California...

Share

What happened

French home improvement retailer Leroy Merlin reported a data breach after an unauthorized party accessed a third-party system that stored customer information. The company said the exposed data did not include payment details.

Who is affected

Customers in France who used specific Leroy Merlin online services are impacted. The company is notifying affected individuals and coordinating with authorities.

Why CISOs should care

The incident shows the ongoing risk tied to third-party vendors that handle sensitive data. Even large retail companies face exposure when external partners lack strong controls. CISOs need clear oversight of how vendors store and secure customer information.

3 practical actions

  1. Review vendor access and data handling policies to confirm they meet internal security requirements.

  2. Audit third-party systems that store customer or operational data and enforce least privilege.

  3. Update incident response plans to cover fast collaboration with vendors during breaches.

49d906b3470b7a39a77b0ee86a2350afcd336d56fb93d43f08f7ff248882d10d?s=150&d=mp&r=g
+ posts