French retailer Auchan said a cyberattack exposed the personal data of several hundred thousand loyalty-account holders, with unauthorized access to a range of identifying details tied to those accounts.
In a customer notification, Auchan said the data exposed included full names, title and client status, postal address, email address, phone number, and loyalty card number. The company stressed that bank data, passwords and PIN numbers were not affected.
Auchan said it has notified the French data protection authority (CNIL) about the breach and urged affected customers to remain vigilant for possible phishing attempts that could leverage the stolen information. The retailer added: “We remind you that Auchan will never ask you (whether by email, SMS, or phone) for your login details, passwords, or loyalty card PIN code. If you receive such a message, do not click on any link, do not call the indicated number, and ignore the information it contains, as it is most likely a phishing attempt.”
A company representative told French media that data belonging to “several hundred thousand” customers were exposed as a result of the incident. The Le Monde coverage cited in the record notes the breach followed similar disclosures by other major French entities in recent weeks, though investigators have not tied the incidents to a single campaign. Le Monde reported the statement from Auchan and the scope of data affected.
Auchan operates more than 2,100 stores in 13 countries across Europe and Africa, with about 154,000 employees and annual revenue exceeding $35 billion. The breach comes as French businesses continue to grapple with cyber threats that target consumer data and loyalty programs.
Bleeding-edge incidents of this kind have drawn commentary from security researchers and industry watchers, with some noting a pattern of attacks on large retailers’ loyalty systems