French retailer Boulanger hit by data breach Incident

French retailer Boulanger has been hit by a data breach and hackers have successfully stolen customer information in early September 2024. 

A threat actor using the nickname "horrormar44" has claimed responsibility for the Boulanger attack and  claimed to have obtained all customer data from the store.

Boulanger confirmed on Sunday that hackers had accessed their customer database, obtaining delivery addresses. The company assured customers that the incident had been contained and that all affected individuals had been notified. They emphasized that their "websites and mobile applications are operating normally and securely, with enhanced vigilance" following the breach.

The data exposed includes:

• Names
• Phone numbers
• Email addresses
• Postal/delivery addresses
• Delivery notes (including parking information near delivery addresses)

The nature of the attack is not disclosed.

According to information shared by the DarkWeb.vc Twitter account, the Boulanger breach affected 27,561,592 records from France. On September 6, 2024, the hacker published samples of the allegedly stolen information on the BreachForums website.

The published sample included various data fields such as customer IDs, personal information, and merchant details. Based on reporting by Le Monde, the data appears to have come from databases used by a subcontractor responsible for delivery services across multiple retailers, which may explain the coordinated nature of the attacks.

Update - as of 22nd of April 2025, the files with the leaked data are reportedly published on Breached Forums.