Data breach affected Auchan, affecting half a million customers


Two names have just been added to the already very long list of French companies victims of data breaches: the magazine Le Point and, above all, the mass distribution brand Auchan.

The end of the year apparently rhymes with data breaches, in 2024. Within a few months, many French companies have been hit by cyber security incidents. The list of recent victims is already long: SFR, Release, Bakerdriving school Ornicar, Best rates, Culture, Picard, Grobill, Molotov or even Truffaut.

Two more names can now be added to this incomplete list.

Le Point data breach

Primarily Point. The exfiltrated data includes the name, first name, e-mail, telephone number and postal address of an unspecified number of subscribers to the magazine. Sometimes some other information was also leaked, for example the date of birth. No more sensitive data such as bank details were extracted.

According to our colleagues, the incident affects both current subscribers and former readers. Analysis of the point is ” that considering the exfiltrated data, the risk (…) is relatively low “. The main threat remains a phishing attempt (phishing), masquerading as a press title to trap internet users.

The initial investigation suggests that this incident took advantage of an opening through a newspaper subcontractor. The magazine discusses the fraudulent use of a customer relationship management tool to recover information and then sell it on pirate forums. The CNIL and the authorities have been notified.

Cybercriminals are waiting for you to take the bait. // Source: CCO/Phuong Nguyen from PixabayCybercriminals are waiting for you to take the bait. // Source: CCO/Phuong Nguyen from Pixabay
A risk for Internet users is phishing by pirates. An allegory of a hacker trying to catch an unwary individual. // Source: CCO/Phuong Nguyen of Pixabay

500,000 customers assigned to Auchan

Then Auchan. Mass distribution brand addressed email your customers to alert them of the data breach. Again, we are talking about name, first name, email, postal address, phone number, date of birth and secondary data (household composition, loyalty card number and prize pool amount).

The leak is significant because we talk 500,000 casualties. The good news, though: no banking information either passwordseven PIN codes are not at risk. On the other hand, they could later become the target of a specialized phishing campaign. Unwary customers could then supply these items.

Auchan does not date the incident, but the leak must have happened a short time ago. In any case, the brand should react quickly in case of personal data leakage. The rules in this matter shall be laid down very tight deadline between the moment the incident is detected and the moment communication takes place, especially with the CNIL.

Go further

The prestigious Sorbonne University was hit by a cyber attack. // Source: University of Paris 1 Panthéon SorbonneThe prestigious Sorbonne University was hit by a cyber attack. // Source: University of Paris 1 Panthéon Sorbonne

comparison of the best mdp manager numberscomparison of the best mdp numerama manager



Source link

Leave a Comment