Security Alert: Leroy Merlin Experiences Data Breach

French DIY Retail Giant Leroy Merlin Experiences Data Breach

Leroy Merlin, a prominent French home improvement and gardening retailer, has issued a notification to its customers regarding a data breach that compromised their personal information.

Operating across multiple European countries, South Africa, and Brazil, Leroy Merlin boasts a workforce of 165,000 employees and generates an impressive annual revenue of $9.9 billion.

The breach specifically impacts customers in France, as confirmed in a social media post by SaxX_. The exposed data includes full names, phone numbers, email addresses, postal addresses, dates of birth, and loyalty program-related details.

The company’s notification to affected customers stated, “A recent cyberattack targeted our information system, potentially leading to the leakage of some of your personal data. Upon detection of the incident, we promptly implemented measures to prevent unauthorized access and mitigate the breach.”

Fortunately, the compromised information does not include sensitive data such as banking details or online account passwords. The company reassured customers that the stolen data has not been misused, although caution is advised against potential phishing attempts.

Customers who receive the notification are guided on recognizing fraudulent communications and urged to report any suspicious activity related to their accounts. Leroy Merlin emphasized the importance of remaining vigilant and promptly reporting any anomalies.

BleepingComputer has verified the authenticity of the notification and reached out to Leroy Merlin for further details on the breach and the extent of customer impact. As of now, there has been no response from the company.

Despite the breach, there have been no claims from ransomware groups regarding the attack at the time of this article’s publication.