Two names have just been added to the already very long list of French companies victims of data breaches: the magazine Le Point and, above all, the mass distribution brand Auchan.
The end of the year apparently rhymes with data breaches, in 2024. Within a few months, many French companies have been hit by cyber security incidents. The list of recent victims is already long: SFR, Release, Bakerdriving school Ornicar, Best rates, Culture, Picard, Grobill, Molotov or even Truffaut.
Two more names can now be added to this incomplete list.
Le Point data breach
Cyber attacks: when people are the weak link
The French company Mailinblack enables you to protect your organization and educate your employees in the field of cyber security with U-Cyber 360°.
From a password manager to email security, ongoing training and attack simulations, this solution brings together all the tools to prevent cyber risks.
Primarily Point. The exfiltrated data includes the name, first name, e-mail, telephone number and postal address of an unspecified number of subscribers to the magazine. Sometimes some other information was also leaked, for example the date of birth. No more sensitive data such as bank details were extracted.
According to our colleagues, the incident affects both current subscribers and former readers. Analysis of the point is ” that considering the exfiltrated data, the risk (…) is relatively low “. The main threat remains a phishing attempt (phishing), masquerading as a press title to trap internet users.
The initial investigation suggests that this incident took advantage of an opening through a newspaper subcontractor. The magazine discusses the fraudulent use of a customer relationship management tool to recover information and then sell it on pirate forums. The CNIL and the authorities have been notified.
500,000 customers assigned to Auchan
Then Auchan. Mass distribution brand addressed email your customers to alert them of the data breach. Again, we are talking about name, first name, email, postal address, phone number, date of birth and secondary data (household composition, loyalty card number and prize pool amount).
The leak is significant because we talk 500,000 casualties. The good news, though: no banking information either passwordseven PIN codes are not at risk. On the other hand, they could later become the target of a specialized phishing campaign. Unwary customers could then supply these items.
Auchan does not date the incident, but the leak must have happened a short time ago. In any case, the brand should react quickly in case of personal data leakage. The rules in this matter shall be laid down very tight deadline between the moment the incident is detected and the moment communication takes place, especially with the CNIL.