French Telecom and Retail Breaches Expose Millions of Customer Records
French telecommunications provider Bouygues Telecom disclosed a cyberattack that led to the exposure of nearly 6.4 million customer records, including 5.7 million unique email addresses. The compromised data reportedly included names, physical addresses, phone numbers, dates of birth, and IBANs, raising concerns about fraud and financial abuse. The company said affected customers were notified after detecting the intrusion into its services.
French electronics retailer Boulanger also suffered a major breach in which more than 27 million rows of data were exposed, including 2 million unique email addresses. The leaked information reportedly included names, physical addresses, phone numbers, and even latitude and longitude data. Unlike the Bouygues incident, the stolen Boulanger dataset was later posted publicly on a hacking forum, significantly increasing the likelihood of downstream misuse, phishing, and identity-related abuse.
Timeline
Mar 18, 2026
Bouygues Telecom notifies affected customers
Following the August 2025 incident, Bouygues Telecom stated that all affected customers had been notified about the breach. The notification concerned the exposure of personal and banking-related customer information.
Mar 18, 2026
Stolen Boulanger data is posted on a hacking forum
After the September 2024 breach, the stolen Boulanger dataset was publicly posted on a popular hacking forum. This public exposure increased the risk of misuse and broader dissemination of the customer data.
Aug 1, 2025
Bouygues Telecom detects cyber attack and data breach
In August 2025, Bouygues Telecom detected a cyber attack against its services that resulted in a breach affecting nearly 6.4 million customer records. Exposed data reportedly included 5.7 million unique email addresses, names, physical addresses, phone numbers, dates of birth, and IBANs.
Oct 1, 2024
Free suffers customer data breach
In October 2024, French ISP Free experienced a data breach exposing customer information. The leaked dataset reportedly included 14 million unique email addresses, along with names, physical addresses, phone numbers, genders, dates of birth, and many IBAN bank account numbers.
Sep 1, 2024
Boulanger suffers customer data breach
In September 2024, French electronics retailer Boulanger experienced a data breach exposing more than 27 million rows of customer data. The compromised information reportedly included 2 million unique email addresses, names, physical addresses, phone numbers, and latitude/longitude data.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Customer Data Exposed in LDLC and LuLu Retail Breaches
French retailer **LDLC** disclosed a breach affecting customers of its physical stores after stolen data was advertised for sale on a hacking forum. The exposed dataset reportedly included **1.26 million unique email addresses** along with customers' names, phone numbers, and physical addresses, indicating broad exposure of personally identifiable information tied to retail transactions. Emirati retailer **LuLu** also suffered a customer data breach in which an initial set of about **190,000 email addresses** and linked phone numbers was shared on a hacking forum. The incident escalated when the threat actor later leaked a larger backup from **October 2022**, exposing an additional **2.6 million unique email addresses** as well as names, physical addresses, order data, and **`PBKDF2` password hashes**, significantly increasing the risk of account compromise and follow-on phishing or fraud.
1 months ago
French Education Breaches Expose Data on 1.7 Million People
French education authorities disclosed two significant breaches affecting both public and Catholic school administration systems. The Ministry of National Education said its `Compass` platform, used to manage trainee teachers in primary and secondary education, was compromised after a user reportedly opened a fraudulent email attachment and had credentials stolen. The incident exposed data on about **243,000 people**, including identity and contact details, absence periods, and the identities and professional phone numbers of tutors, though the ministry said no health data was involved. ANSSI was brought in, a crisis cell was opened, and the ministry announced a security plan centered on **multi-factor authentication**, stronger data segmentation, and reduced application exposure. Separately, the Secrétariat général de l’enseignement catholique reported a cyberattack on its management application for nursery and elementary schools that affected about **1.5 million people**. Unauthorized access exposed identification data for application users and contact information for students, families, and teachers, including names, postal and email addresses, phone numbers, and dates of birth, increasing the risk of phishing. The organization said it secured access, suspended affected services, notified authorities including the French Ministry of Education, and engaged specialist responders, while a forum user calling themselves **"Ryolait"** allegedly offered the stolen database for sale starting at **$2,000**. The incidents add to mounting concern over weak security in the education sector, which ANSSI has described as a frequent target of opportunistic attacks.
1 months ago
Data exposures tied to third-party access and credential misuse in Ukraine and France
Ukraine’s National Bank (NBU) took its **collectible coin/numismatic online store** offline after a cyberattack against a supporting **contractor** potentially exposed customer registration data (names, phone numbers, emails, and delivery addresses). The NBU said **core banking systems were not affected** and **no payment card or banking data** was compromised, but warned the exposed PII could be leveraged for **phishing** and other follow-on fraud; the incident was described as consistent with a **supply-chain** intrusion path. In France, authorities disclosed illegal access to a portion of the **National Bank Accounts File (FICOBA)**—a government database used for tax, customs, and law-enforcement purposes—after an attacker **impersonated a civil servant** and used valid credentials to query data. Officials said up to **1.2 million accounts** may have been impacted, with exposed fields potentially including account numbers, names, addresses, and in some cases tax identifiers; **DGFiP**, supported by **ANSSI**, is investigating and notifying affected individuals while banks were alerted to heighten fraud/phishing monitoring. Separately, **Safran Group** denied being cyberattacked, stating that a leaked dataset containing “non-strategic” order/customer details was **inadvertently exposed via a third-party provider**, with external analysis suggesting the compromise occurred elsewhere in the supply chain rather than within Safran’s own systems.
1 months ago