French home improvement retailer Leroy Merlin said it is notifying customers in France that personal information was compromised in a cyberattack, according to a notification published on social media by SaxX. The company operates in several European countries as well as South Africa and Brazil, employs about 165,000 people and reported annual revenue of $9.9 billion.
The company said the incident affected only customers in France and exposed full names, phone numbers, email addresses, postal addresses, dates of birth and loyalty program-related information.
Leroy Merlin said the breached data did not include banking information or online account passwords and that it took measures to block unauthorized access and contain the incident.
The notice indicated the stolen information had not been used maliciously and there was no sign it had been published or used for extortion, and no ransomware group had claimed responsibility at the time of publication. It was not clear how many customers were affected.
Customers who receive the notification were advised to remain vigilant for unsolicited communications, to follow guidance on how to identify phishing messages, and to report any account anomalies or trouble redeeming loyalty discounts to the company.