Auchan Discloses Data Breach: Hundreds of Thousands of Customers' Personal Information Exposed

French retailer Auchan has disclosed a data breach that has left hundreds of thousands of customers' personal information exposed. The company has notified the affected individuals, who can expect to receive new loyalty cards and restore their Waaoh savings.

The Scope of the Breach

The data breach, which occurred through an unauthorized access to certain personal data associated with customers' loyalty accounts, revealed sensitive information including title, surname, first name, address, telephone number, email address, and card number. However, bank details, passwords, and PINs remained unaffected by the breach.

Response from Auchan

Auchan has taken immediate action to stop the attack and reinforce its information systems. The company has notified the French data protection watchdog CNIL and implemented measures to protect customer data. In response to the incident, the retail giant has deactivated the cards of the impacted individuals, who must visit stores for new cards to restore their Waaoh savings.

Expert Insights

"The scope of the intrusion affects the customer's identity and their complete profile, opening the way to multiple malicious uses such as spoofing, phishing, and illegal commercial targeting," reports media outlet Zataz. According to experts, this highlights the sensitivity of loyalty card systems and the importance of robust security measures.

Advice from Auchan

Auchan advises customers to stay alert against phishing attempts via email, SMS, or phone calls. The company stresses that it will never request credentials, passwords, or loyalty card PINs through these channels. Suspicious messages should be ignored: don't click links, don't call listed numbers, and don't trust their content.

What to Do

In case of doubt or unusual activity, Auchan recommends contacting the official French cyber victim assistance service at www.cybermalveillance.gouv.fr to report incidents and protect your rights.

Next Steps

This marks Auchan's second disclosed data breach in a year, with the latest notice resembling the one sent to customers in November 2024. As more details about the attack become available, it remains unclear whether it is isolated or tied to broader breaches like the November 2024 incident.

Stay Safe Online

Experts warn that data breaches can have severe consequences for individuals and organizations alike. It's essential to stay vigilant online and take proactive measures to protect your personal information. Follow security tips and guidelines from reputable sources, such as the French cyber victim assistance service, to minimize your risk of falling victim to similar attacks.

Stay informed about the latest developments in data breaches and cybersecurity by following this publication on Twitter: @securityaffairs, Facebook, and Mastodon.