French DIY retailer Leroy Merlin reports data breach

French home improvement and gardening retailer Leroy Merlin is reporting a data breach that compromised the personal information of several hundred thousand customers in France. 

The incident targeted the company's information systems and affected customers enrolled in the retailer's loyalty program. The company confirmed it implemented containment measures and has notified the national data protection authority France's Commission Nationale de l'Informatique et des Libertés (CNIL).

The compromised data types include:

• Full names
• Phone numbers
• Email addresses
• Postal addresses
• Dates of birth
• Loyalty program-related information

The nature of the attack and the number of affected individuals are not disclosed. 

The company sent notifications to impacted individuals beginning on December 2, 2025. The company has filed a formal complaint with law enforcement authorities.

Customers are advised not to respond to suspicious requests for personal information and to report any anomalies in their account activity or issues with loyalty program discounts directly to the company's customer service. Leroy Merlin has established dedicated support channels for affected customers and is providing ongoing updates regarding the security incident.