Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 4 December 2025 22:32
A cyberattack has affected Leroy Merlin, involving the personal data of numerous customers in France, impacting hundreds of thousands of individuals.
Leroy Merlin assures that “additional security measures have been implemented” with enhanced surveillance. “Data protection is a top priority for the brand,” adds the management, specifying that the CNIL (National Commission for Information Technology and Civil Liberties) has also been informed of the situation.
The stolen data primarily includes contact information, such as dates of birth, phone numbers, email addresses, names, addresses, and loyalty program information.
This information is enough to support highly credible phishing campaigns, tailored frauds, and social engineering techniques that exploit the trustworthy reputation of one of the safest and most popular brands in the DIY and home and garden products industry.
The company notified those affected of the breach, stating: “A cyberattack recently targeted our information system, and some of your personal data may have been leaked outside the company. As soon as the incident was detected, we took all necessary measures to prevent unauthorized access and contain the situation. The information at stake is your contact details (first name, last name, telephone number, email address, postal address, date of birth) and your loyalty program information.”
Fortunately, it appears that sensitive information such as accounts, passwords, and banking details were preserved. Italian customers were spared, as the incident only affected French customers.
The CNIL reported in its latest annual report that the number of violations is rapidly increasing in France. In just 12 months, more than one million people have been affected, and the number of successful attacks has doubled, from 20 to 40.
Redazione